CVE-2025-68471

Published: Jan 12, 2026Modified: Jan 16, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: security-advisories@github.com (Secondary)

Description

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart.

Affected (2)

Products: Avahi: Avahi

Avahi

1 product

Avahi

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Avahi Avahi	Before 0.9
Avahi Avahi	Version 0.9 rc1

Related CWEs

CWE-617

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (3)

https://github.com/avahi/avahi/commit/9c6eb53bf2e290aed84b1f207e3ce35c54cc0aa1

Source: security-advisories@github.com

Patch

https://github.com/avahi/avahi/issues/678

Source: security-advisories@github.com

Issue TrackingExploitPatch

https://github.com/avahi/avahi/security/advisories/GHSA-56rf-42xr-qmmg

Source: security-advisories@github.com

Vendor AdvisoryExploitPatch

Timeline

No history available yet.