CVE-2024-52615

MEDIUM

Red Hat Enterprise Linux 10 - Use of Insufficiently Random Values in Avahi-daemon DNS Query Port Selection

Title source: llm

Description

A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.

References (5)

Core 5

Core References

https://github.com/avahi/avahi/pull/577

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2326418

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:11402

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:16441

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2024-52615

Scores

CVSS v3 5.3

EPSS 0.0056

EPSS Percentile 42.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-330

Status published

Products (5)

Red Hat/Red Hat Enterprise Linux 10 0:0.9~rc2-1.el10_0.1

Red Hat/Red Hat Enterprise Linux 7

Red Hat/Red Hat Enterprise Linux 8

Red Hat/Red Hat Enterprise Linux 9 0:0.8-22.el9_6.1

Red Hat/Red Hat OpenShift Container Platform 4

Published Nov 21, 2024

Tracked Since Feb 18, 2026