Vulnerability CVE-2021-3468: Information

Description

A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-3468
Published: June 2, 2021
Modified: June 22, 2023
Error type identifier: CWE-835

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
avahisisyphus0.8-alt20.8-alt4ALT-PU-2021-1733-1270871Fixed
avahip100.8-alt20.8-alt2ALT-PU-2021-1733-1270871Fixed
avahip90.8-alt20.8-alt2ALT-PU-2021-1756-1270905Fixed
avahic10f10.8-alt20.8-alt2ALT-PU-2021-1733-1270871Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1939614
  • Issue Tracking
[debian-lts-announce] 20220607 [SECURITY] [DLA 3047-1] avahi security update
  • Mailing List
  • Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/06/msg00028.html

      1. Configuration 1

        cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*
        Start including
        0.6
        End including
        0.8

        Configuration 2

        cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.0
    Back to top