CVE-2021-3502
Summary
| CVE | CVE-2021-3502 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-05-07 12:15:00 UTC |
| Updated | 2023-11-07 03:38:00 UTC |
| Description | A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability. |
Risk And Classification
Problem Types: CWE-617
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames (CVE-2021-3502) · Issue #338 · lathiat/avahi · GitHub | MISC | github.com | |
| 1946914 – (CVE-2021-3502) CVE-2021-3502 avahi: reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames | MISC | bugzilla.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 161082 Oracle Enterprise Linux Security Update for avahi (ELSA-2023-6707)
- 181013 Debian Security Update for avahi (CVE-2021-3502)
- 198430 Ubuntu Security Notification for Avahi vulnerabilities (USN-5008-1)
- 242395 Red Hat Update for avahi (RHSA-2023:6707)
- 503098 Alpine Linux Security Update for avahi
- 505850 Alpine Linux Security Update for avahi
- 941371 AlmaLinux Security Update for avahi (ALSA-2023:6707)