{"api_version":"1","generated_at":"2026-04-23T00:40:31+00:00","cve":"CVE-2021-3468","urls":{"html":"https://cve.report/CVE-2021-3468","api":"https://cve.report/api/cve/CVE-2021-3468.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-3468","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-3468"},"summary":{"title":"CVE-2021-3468","description":"A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2021-06-02 16:15:00","updated_at":"2023-06-22 02:15:00"},"problem_types":["CWE-835"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939614","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1939614","refsource":"MISC","tags":[],"title":"1939614 – (CVE-2021-3468) CVE-2021-3468 avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html","name":"[debian-lts-announce] 20220607 [SECURITY] [DLA 3047-1] avahi security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3047-1] avahi security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00028.html","name":"https://lists.debian.org/debian-lts-announce/2023/06/msg00028.html","refsource":"MISC","tags":[],"title":"[SECURITY] [DLA 3466-1] avahi security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-3468","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3468","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"3468","vulnerable":"1","versionEndIncluding":"0.8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"avahi","cpe5":"avahi","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3468","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-3468","qid":"161082","title":"Oracle Enterprise Linux Security Update for avahi (ELSA-2023-6707)"},{"cve":"CVE-2021-3468","qid":"161245","title":"Oracle Enterprise Linux Security Update for avahi (ELSA-2023-7836)"},{"cve":"CVE-2021-3468","qid":"174987","title":"SUSE Enterprise Linux Security Update for avahi (SUSE-SU-2021:1494-1)"},{"cve":"CVE-2021-3468","qid":"174988","title":"SUSE Enterprise Linux Security Update for avahi (SUSE-SU-2021:1493-1)"},{"cve":"CVE-2021-3468","qid":"179359","title":"Debian Security Update for avahi (DLA 3047-1)"},{"cve":"CVE-2021-3468","qid":"184853","title":"Debian Security Update for avahi (CVE-2021-3468)"},{"cve":"CVE-2021-3468","qid":"198430","title":"Ubuntu Security Notification for Avahi vulnerabilities (USN-5008-1)"},{"cve":"CVE-2021-3468","qid":"242395","title":"Red Hat Update for avahi (RHSA-2023:6707)"},{"cve":"CVE-2021-3468","qid":"242623","title":"Red Hat Update for avahi (RHSA-2023:7836)"},{"cve":"CVE-2021-3468","qid":"242747","title":"Red Hat Update for avahi (RHSA-2024:0418)"},{"cve":"CVE-2021-3468","qid":"242797","title":"Red Hat Update for avahi (RHSA-2024:0576)"},{"cve":"CVE-2021-3468","qid":"296053","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 35.94.4 Missing (CPUJUL2021)"},{"cve":"CVE-2021-3468","qid":"356756","title":"Amazon Linux Security Advisory for avahi : ALAS2-2023-2372"},{"cve":"CVE-2021-3468","qid":"379643","title":"Alibaba Cloud Linux Security Update for avahi (ALINUX3-SA-2024:0035)"},{"cve":"CVE-2021-3468","qid":"500042","title":"Alpine Linux Security Update for avahi"},{"cve":"CVE-2021-3468","qid":"501380","title":"Alpine Linux Security Update for avahi"},{"cve":"CVE-2021-3468","qid":"501728","title":"Alpine Linux Security Update for avahi"},{"cve":"CVE-2021-3468","qid":"503870","title":"Alpine Linux Security Update for avahi"},{"cve":"CVE-2021-3468","qid":"6000080","title":"Debian Security Update for avahi (DLA 3466-1)"},{"cve":"CVE-2021-3468","qid":"670594","title":"EulerOS Security Update for avahi (EulerOS-SA-2021-2352)"},{"cve":"CVE-2021-3468","qid":"670696","title":"EulerOS Security Update for avahi (EulerOS-SA-2021-2454)"},{"cve":"CVE-2021-3468","qid":"670734","title":"EulerOS Security Update for avahi (EulerOS-SA-2021-2492)"},{"cve":"CVE-2021-3468","qid":"670889","title":"EulerOS Security Update for avahi (EulerOS-SA-2021-2352)"},{"cve":"CVE-2021-3468","qid":"750101","title":"SUSE Enterprise Linux Security Update for avahi (SUSE-SU-2021:1845-1)"},{"cve":"CVE-2021-3468","qid":"750105","title":"SUSE Enterprise Linux Security Update for avahi (SUSE-SU-2021:1494-2)"},{"cve":"CVE-2021-3468","qid":"750109","title":"SUSE Enterprise Linux Security Update for avahi (SUSE-SU-2021:1493-2)"},{"cve":"CVE-2021-3468","qid":"750221","title":"OpenSUSE Security Update for avahi (openSUSE-SU-2021:0694-1)"},{"cve":"CVE-2021-3468","qid":"750789","title":"OpenSUSE Security Update for avahi (openSUSE-SU-2021:1845-1)"},{"cve":"CVE-2021-3468","qid":"901604","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for avahi (6324-1)"},{"cve":"CVE-2021-3468","qid":"941371","title":"AlmaLinux Security Update for avahi (ALSA-2023:6707)"},{"cve":"CVE-2021-3468","qid":"941504","title":"AlmaLinux Security Update for avahi (ALSA-2023:7836)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2021-3468","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-835","cweId":"CWE-835"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"avahi","version":{"version_data":[{"version_affected":"=","version_value":"All avahi versions 0.6 up to 0.8"}]}}]}}]}},"references":{"reference_data":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939614","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1939614"},{"url":"https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html"},{"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00028.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2023/06/msg00028.html"}]}},"nvd":{"publishedDate":"2021-06-02 16:15:00","lastModifiedDate":"2023-06-22 02:15:00","problem_types":["CWE-835"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*","versionStartIncluding":"0.6","versionEndIncluding":"0.8","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"3468","Ordinal":"204458","Title":"CVE-2021-3468","CVE":"CVE-2021-3468","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"3468","Ordinal":"1","NoteData":"A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"3468","Ordinal":"2","NoteData":"2021-06-02","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"3468","Ordinal":"3","NoteData":"2021-06-02","Type":"Other","Title":"Modified"}]}}}