PT-2021-4070 · Avahi+5
Thomas Kremer · Published 2021-03-27 · Updated 2024-06-26 · CVE-2021-3502
CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
avahi version 0.8-5

Description
A flaw in the avahi service allows a local attacker to crash the service by requesting hostname resolutions for invalid hostnames through the avahi socket or dbus methods. This is due to a reachable assertion in the avahi_s_host_name_resolver_start function. The highest threat from this issue is to service availability. Exploitation of this flaw can lead to a denial of service.

Recommendations
For avahi version 0.8-5, as a temporary workaround, consider disabling the avahi_s_host_name_resolver_start function until a patch is available. Restrict access to the avahi socket and dbus methods to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit
Fix
NULL Pointer Dereference
Assertion Failure
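
An added illustration of the weakness class described above (not Avahi's code, and not from this advisory): a precondition on a client-supplied host name enforced with assert(), beside a variant that returns an error to the caller. The function names, error codes and validation rules are hypothetical; the page does not say which names Avahi treats as invalid.

```c
#include <assert.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical result codes for this example. */
enum { RESOLVE_OK = 0, RESOLVE_ERR_INVALID_HOST_NAME = -1 };

/* Hypothetical validator (assumed rules): non-empty, at most 253 bytes,
 * dot-separated labels of 1..63 bytes, one optional trailing dot. */
static int host_name_is_valid(const char *s) {
    size_t total, label = 0, i;
    if (s == NULL) return 0;
    total = strlen(s);
    if (total == 0 || total > 253) return 0;
    for (i = 0; i < total; i++) {
        if (s[i] == '.') {
            if (label == 0) return 0;   /* empty label: ".", "a..b", ".a" */
            label = 0;
        } else if (++label > 63) {
            return 0;                   /* label longer than 63 bytes */
        }
    }
    return 1;
}

/* Weak pattern: the precondition is enforced with assert(), so an invalid
 * name supplied by any local client aborts the whole daemon process. */
int resolver_start_asserting(const char *host_name) {
    assert(host_name_is_valid(host_name));
    return RESOLVE_OK;
}

/* Hardened pattern: client-controlled input is rejected with an error code
 * that the socket or D-Bus handler can report back to that one client. */
int resolver_start_checked(const char *host_name) {
    if (!host_name_is_valid(host_name))
        return RESOLVE_ERR_INVALID_HOST_NAME;
    return RESOLVE_OK;
}
```

assert() is appropriate for invariants that only the program's own code can break; anything a client can reach over the socket or D-Bus needs the error-return form.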
Affected Products
Almalinux
Linuxmint
Red Hat
Red Os
Ubuntu
Avahi