CVE-2021-3502
CVE-2021-3502 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. A flaw was found in avahi 0.8-5. A reachable assertion is present in the avahi_s_host_name_resolver_start function, allowing a local attacker to crash the avahi service by requesting hostname resolutions for invalid hostnames through the avahi socket or dbus methods. EPSS estimates a 0.37% chance of exploitation in the next 30 days.
Description
A flaw was found in avahi 0.8-5. A reachable assertion is present in the avahi_s_host_name_resolver_start function, allowing a local attacker to crash the avahi service by requesting hostname resolutions for invalid hostnames through the avahi socket or dbus methods. The highest threat from this vulnerability is to service availability.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Avahi | Avahi | 0.8-5 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1946914 (Exploit, Issue Tracking, Patch, Third Party Advisory)
- https://github.com/lathiat/avahi/issues/338 (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
