CVE-2021-3502
MEDIUMavahi 0.8-5 - Denial of Service via Invalid Hostname Resolution
Title source: llmDescription
A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.
References (2)
Core 2
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1946914
Exploit, Third Party Advisory x_refsource_misc
https://github.com/lathiat/avahi/issues/338
Scores
CVSS v3
5.5
EPSS
0.0037
EPSS Percentile
29.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-617
Status
published
Products (1)
avahi/avahi
0.8-5
Published
May 07, 2021
Tracked Since
Feb 18, 2026