{"api_version":"1","generated_at":"2026-04-23T04:11:01+00:00","cve":"CVE-2021-3502","urls":{"html":"https://cve.report/CVE-2021-3502","api":"https://cve.report/api/cve/CVE-2021-3502.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-3502","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-3502"},"summary":{"title":"CVE-2021-3502","description":"A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2021-05-07 12:15:00","updated_at":"2023-11-07 03:38:00"},"problem_types":["CWE-617"],"metrics":[],"references":[{"url":"https://github.com/lathiat/avahi/issues/338","name":"https://github.com/lathiat/avahi/issues/338","refsource":"MISC","tags":[],"title":"reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames (CVE-2021-3502) · Issue #338 · lathiat/avahi · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1946914","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1946914","refsource":"MISC","tags":[],"title":"1946914 – (CVE-2021-3502) CVE-2021-3502 avahi: reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-3502","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3502","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"3502","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"avahi","cpe5":"avahi","cpe6":"0.8-5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-3502","qid":"161082","title":"Oracle Enterprise Linux Security Update for avahi (ELSA-2023-6707)"},{"cve":"CVE-2021-3502","qid":"181013","title":"Debian Security Update for avahi (CVE-2021-3502)"},{"cve":"CVE-2021-3502","qid":"198430","title":"Ubuntu Security Notification for Avahi vulnerabilities (USN-5008-1)"},{"cve":"CVE-2021-3502","qid":"242395","title":"Red Hat Update for avahi (RHSA-2023:6707)"},{"cve":"CVE-2021-3502","qid":"503098","title":"Alpine Linux Security Update for avahi"},{"cve":"CVE-2021-3502","qid":"505850","title":"Alpine Linux Security Update for avahi"},{"cve":"CVE-2021-3502","qid":"941371","title":"AlmaLinux Security Update for avahi (ALSA-2023:6707)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2021-3502","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-617->CWE-476","cweId":"CWE-617"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"avahi","version":{"version_data":[{"version_affected":"=","version_value":"0.8-5"}]}}]}}]}},"references":{"reference_data":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1946914","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1946914"},{"url":"https://github.com/lathiat/avahi/issues/338","refsource":"MISC","name":"https://github.com/lathiat/avahi/issues/338"}]}},"nvd":{"publishedDate":"2021-05-07 12:15:00","lastModifiedDate":"2023-11-07 03:38:00","problem_types":["CWE-617"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:avahi:avahi:0.8-5:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"3502","Ordinal":"206689","Title":"CVE-2021-3502","CVE":"CVE-2021-3502","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"3502","Ordinal":"1","NoteData":"A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"3502","Ordinal":"2","NoteData":"2021-05-07","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"3502","Ordinal":"3","NoteData":"2021-05-07","Type":"Other","Title":"Modified"}]}}}