Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-3468

A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.

Published

2021-06-02T16:15:08.960

Last Modified

2024-11-21T06:21:36.953

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:N/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-835
Type: Primary
CWE-835

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	avahi	avahi	≤ 0.8	Yes
Operating System	debian	debian_linux	9.0	Yes

References

https://bugzilla.redhat.com/show_bug.cgi?id=1939614 Issue Tracking ([email protected])
https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html Mailing List, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2023/06/msg00028.html ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1939614 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/06/msg00028.html (af854a3a-2127-422b-91ae-364da2661108)