CVE-2021-3468

Published: Jun 2, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.

Affected (2)

Products: Avahi: Avahi · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Avahi Avahi	From 0.6 to 0.8

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (6)

https://bugzilla.redhat.com/show_bug.cgi?id=1939614

Source: secalert@redhat.com

Issue Tracking

https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/06/msg00028.html

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1939614

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/06/msg00028.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.