{"containers": {"cna": {"affected": [{"product": "avahi", "vendor": "n/a", "versions": [{"status": "affected", "version": "0.8-5"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-617", "description": "CWE-617->CWE-476", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-07T11:46:21", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946914"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/lathiat/avahi/issues/338"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:53:17.966Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946914"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/lathiat/avahi/issues/338"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3502", "datePublished": "2021-05-07T11:46:21", "dateReserved": "2021-04-15T00:00:00", "dateUpdated": "2024-08-03T16:53:17.966Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avahi:avahi:0.8-5:*:*:*:*:*:*:*", "matchCriteriaId": "9EAEC835-CEC0-4E0E-8D58-0455FC7EA42B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en avahi versi\u00f3n 0.8-5. Una aserci\u00f3n alcanzable est\u00e1 presente en la funci\u00f3n avahi_s_host_name_resolver_start que permite a un atacante local bloquear el servicio avahi requiriendo resoluciones de nombre de host a trav\u00e9s del socket avahi o m\u00e9todos dbus para nombres de host no v\u00e1lidos. La mayor amenaza de esta vulnerabilidad es la disponibilidad del servicio"}], "id": "CVE-2021-3502", "lastModified": "2023-11-07T03:38:03.217", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-07T12:15:07.267", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946914"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/lathiat/avahi/issues/338"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:6707", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "avahi-0:0.8-15.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}, {"advisory": "RHSA-2023:6707", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "avahi-0:0.8-15.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}], "bugzilla": {"description": "avahi: reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames", "id": "1946914", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946914"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-617->CWE-476", "details": ["A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.", "A flaw was found in avahi. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability."], "name": "CVE-2021-3502", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "avahi", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "avahi", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "avahi", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2021-03-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3502\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3502"], "statement": "This issue did not affect the versions of avahi as shipped with Red Hat Enterprise Linux 6, 7, and 8 as they did not include the vulnerable code.", "threat_severity": "Moderate"}