CVE-2021-3468

EUVD-2021-26790
A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.
Infinite Loop
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
avahiavahi
0.6 ≤
𝑥
≤ 0.8
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
avahi
bookworm
0.8-10
fixed
bullseye
0.8-5+deb11u2
fixed
sid
0.8-13
fixed
trixie
0.8-13
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
avahi
bionic
Fixed 0.7-3.1ubuntu1.3
released
focal
Fixed 0.7-4ubuntu7.1
released
groovy
Fixed 0.8-3ubuntu1.1
released
hirsute
Fixed 0.8-5ubuntu3
released
impish
Fixed 0.8-5ubuntu3
released
jammy
Fixed 0.8-5ubuntu3
released
trusty
Fixed 0.6.31-4ubuntu1.3+esm1
released
xenial
Fixed 0.6.32~rc+dfsg-1ubuntu2.3+esm1
released
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=1939614
https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html
https://lists.debian.org/debian-lts-announce/2023/06/msg00028.html
https://bugzilla.redhat.com/show_bug.cgi?id=1939614
https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html
https://lists.debian.org/debian-lts-announce/2023/06/msg00028.html