CVE-2025-68276

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Avahi versions prior to 0.9-rc2

Description Avahi, a system for service discovery on a local network using the mDNS/DNS-SD protocol suite, is susceptible to a denial-of-service condition. An unprivileged local user can cause the avahi-daemon to crash by creating record browsers with the AVAHI LOOKUP USE WIDE AREA flag set through D-Bus. This can be achieved either by directly calling the RecordBrowserNew method or by creating hostname/address/service resolvers/browsers that internally create these browsers.

Recommendations Update to a version later than 0.9-rc2.

Exploit

Fix

DoS

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

AZL-74271

AZL-74285

BDU:2026-03597

CVE-2025-68276

ECHO-ABCC-913B-5CBC

GHSA-MHF3-865V-G5RC

MGASA-2026-0016

OESA-2026-1236

OPENSUSE-SU-2026:10052-1

OPENSUSE-SU-2026:20110-1

RHSA-2026:11316

SUSE-SU-2026:0143-1

SUSE-SU-2026:0259-1

SUSE-SU-2026:0422-1

SUSE-SU-2026:0577-1

SUSE-SU-2026:20145-1

SUSE-SU-2026:20167-1

SUSE-SU-2026:20525-1

SUSE-SU-2026:21445-1

USN-7967-1

Affected Products

Avahi

Linuxmint

Red Os

Ubuntu

CVE-2025-68276

Weakness Enumeration

Related Identifiers

Affected Products

References · 59