Local Attack Vulnerability in Avahi Service by Vendor Linux
CVE-2021-3502

5.5MEDIUM

Key Information:

Vendor: Avahi
Status: Avahi
Vendor: CVE Published:; 7 May 2021

What is CVE-2021-3502?

A flaw exists in the Avahi service where the avahi_s_host_name_resolver_start function contains a reachable assertion. This vulnerability allows a local attacker to crash the Avahi service by making requests for hostname resolutions using invalid hostnames via the Avahi socket or D-Bus methods. The primary risk associated with this vulnerability pertains to the disruption of service availability, affecting users relying on the Avahi service for network service discovery.

Affected Version(s)

avahi 0.8-5

References

https://bugzilla.redhat.com/show_bug.cgi?id=1946914

x_refsource_MISC

https://github.com/lathiat/avahi/issues/338

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2021
Vulnerability Reserved
Apr 15, 2021

JSON