CVE-2021-3468

Name
CVE-2021-3468
Description
A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1939614

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:* avahi >= 0.6 <= 0.8

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
avahi 3.10-main 0.7-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
avahi 3.11-main 0.7-r5 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
avahi 3.14-main 0.8-r5 Natanael Copa <ncopa@alpinelinux.org> fixed
avahi 3.13-main 0.8-r4 Natanael Copa <ncopa@alpinelinux.org> fixed
avahi 3.12-main 0.8-r4 Natanael Copa <ncopa@alpinelinux.org> fixed
avahi 3.15-main 0.8-r5 Natanael Copa <ncopa@alpinelinux.org> fixed
avahi 3.16-main 0.8-r6 Natanael Copa <ncopa@alpinelinux.org> fixed
avahi 3.17-main 0.8-r6 Natanael Copa <ncopa@alpinelinux.org> fixed
avahi 3.18-main 0.8-r13 Natanael Copa <ncopa@alpinelinux.org> fixed
avahi 3.19-main 0.8-r16 Natanael Copa <ncopa@alpinelinux.org> fixed
avahi 3.20-main 0.8-r17 Natanael Copa <ncopa@alpinelinux.org> fixed
avahi edge-main 0.8-r19 Natanael Copa <ncopa@alpinelinux.org> fixed