Evgeny Vereshchagin

3 exploits Active since May 2017
CVE-2026-34933 WRITEUP MEDIUM WRITEUP
Avahi: Reachable assertion in `transport_flags_from_domain()` via conflicting publish flags crashes avahi-daemon
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version 0.9-rc4.
CVSS 5.5
CVE-2017-9217 WRITEUP HIGH WRITEUP
systemd < 233 - Denial of Service via Crafted DNS Response with Empty Question Section
systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.
CVSS 7.5
CVE-2025-68276 WRITEUP MEDIUM WRITEUP
avahi < 0.9 - Denial of Service via D-Bus Record Browser Creation
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can crash avahi-daemon (with wide-area disabled) by creating record browsers with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus. This can be done by either calling the RecordBrowserNew method directly or creating hostname/address/service resolvers/browsers that create those browsers internally themselves.
CVSS 5.5