CVE-2021-3468

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Avahi versions 0.6 up to 0.8

Description The issue is related to the client work function in the Avahi service discovery system, which can lead to an infinite loop due to a condition with no exit. This can be exploited by an attacker to cause a denial of service. The flaw is in the handling of the event that signals the termination of the client connection on the Avahi Unix socket. When triggered, it allows a local attacker to make the Avahi service unresponsive.

Recommendations For Avahi versions 0.6 up to 0.8, as a temporary workaround, consider disabling the client work function until a patch is available. Restrict access to the Avahi Unix socket to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

ALSA-2023:6707

ALSA-2023:7836

ALT-PU-2021-1733

ALT-PU-2021-1756

AZL-34548

AZL-6324

BDU:2022-05709

CESA-2023_7836

CVE-2021-3468

DLA-3047-1

DLA-3466-1

MGASA-2021-0212

OESA-2021-1232

OPENSUSE-SU-2021:0694-1

OPENSUSE-SU-2021:1845-1

OPENSUSE-SU-2021_0694-1

OPENSUSE-SU-2021_1845-1

OPENSUSE-SU-2024:10643-1

RHSA-2023:6707

RHSA-2023:7836

RHSA-2023_6707

RHSA-2023_7836

RHSA-2024:0418

RHSA-2024:0576

RLSA-2023:7836

ROSA-SA-2025-2613

SUSE-SU-2021:1493-1

SUSE-SU-2021:1493-2

SUSE-SU-2021:1494-1

SUSE-SU-2021:1494-2

SUSE-SU-2021:1845-1

SUSE-SU-2021_1493-1

SUSE-SU-2021_1493-2

SUSE-SU-2021_1494-1

SUSE-SU-2021_1494-2

USN-5008-1

USN-5008-2

Affected Products

Alt Linux

Almalinux

Astra Linux

Avahi

Centos

Linuxmint

Red Hat

Red Os

Suse

Ubuntu

CVE-2021-3468

Weakness Enumeration

Related Identifiers

Affected Products

References · 98