CVE-2026-34933

Published: Apr 3, 2026Modified: Apr 13, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: security-advisories@github.com (Secondary)

Description

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version 0.9-rc4.

Affected (4)

Products: Avahi: Avahi

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Avahi Avahi	Before 0.9
Avahi Avahi	Version 0.9 rc1
Avahi Avahi	Version 0.9 rc2
Avahi Avahi	Version 0.9 rc3

Related CWEs

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (5)

https://github.com/avahi/avahi/commit/625ca0fac19229f6dfa3a6c6b698ae657187e50c

Source: security-advisories@github.com

Patch

https://github.com/avahi/avahi/pull/891

Source: security-advisories@github.com

Issue TrackingPatch

https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc

Source: security-advisories@github.com

ExploitPatchVendor Advisory

http://www.openwall.com/lists/oss-security/2026/04/11/9

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitPatchVendor Advisory

Timeline

No history available yet.