CVE-2021-3468
CVE-2021-3468 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. EPSS estimates a 0.45% chance of exploitation in the next 30 days.
Description
A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Avahi | Avahi | >= 0.6, <= 0.8 |
| Debian | Debian Linux | 9.0 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1939614 (Issue Tracking)
- https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html (Mailing List, Third Party Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
