← Zuruck zu CVEs
CVE-2021-3468
MEDIUM5.5
Beschreibung
A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.
CVE Details
CVSS v3.1 Bewertung5.5
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht6/2/2021
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
avahi:avahidebian:debian_linux
Schwachen (CWE)
CWE-835CWE-835
Referenzen
https://bugzilla.redhat.com/show_bug.cgi?id=1939614(secalert@redhat.com)
https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html(secalert@redhat.com)
https://lists.debian.org/debian-lts-announce/2023/06/msg00028.html(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1939614(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/06/msg00028.html(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.