Local Denial of Service Vulnerability in Avahi by Red Hat
CVE-2021-3468

5.5MEDIUM

Key Information:

Vendor: Avahi
Status: Avahi
Vendor: CVE Published:; 2 June 2021

🔔 Create Avahi Vulnerability Alert

What is CVE-2021-3468?

A flaw in Avahi, affecting versions 0.6 to 0.8, allows a local attacker to exploit the mishandling of an event in the client_work function, leading to an infinite loop. This results in the Avahi service becoming unresponsive, severely affecting its availability and potentially disrupting services dependent on this functionality.

Affected Version(s)

avahi All avahi versions 0.6 up to 0.8

References

https://bugzilla.redhat.com/show_bug.cgi?id=1939614

x_refsource_MISC

https://lists.debian.org/debian-lts-announce/2022/06/msg0...

mailing-listx_refsource_MLIST

https://lists.debian.org/debian-lts-announce/2023/06/msg0...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2021
Vulnerability Reserved
Mar 26, 2021

.