CVE-2021-3502 - A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_star

CVE-2021-3502

Summary

A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.

References

https://github.com/lathiat/avahi/issues/338
https://bugzilla.redhat.com/show_bug.cgi?id=1946914

Vulnerable Configurations

cpe:2.3:a:avahi:avahi:0.8-5:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.8-5:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 17-05-2021 - 17:30)
Impact:
Exploitability:

CWE

CWE-617

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:P

Last major update

17-05-2021 - 17:30

Published

07-05-2021 - 12:15

Last modified

17-05-2021 - 17:30