CVE-2023-38471 - OpenCVE

A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Avahi	Avahi
Redhat	Enterprise Linux Rhel Eus

Configuration 1 [-]

cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
avahi-0:0.7-21.el8_9.1	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7836	2023-12-14T00:00:00Z
avahi-0:0.7-21.el8_9.1	cpe:/o:redhat:enterprise_linux:8	RHSA-2023:7836	2023-12-14T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
avahi-0:0.7-20.el8_6.3	cpe:/a:redhat:rhel_eus:8.6	RHSA-2024:0418	2024-01-25T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
avahi-0:0.7-20.el8_8.4	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:0576	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9
avahi-0:0.8-20.el9	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:2433	2024-04-30T00:00:00Z
avahi-0:0.8-20.el9	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:2433	2024-04-30T00:00:00Z

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2023-38471
https://bugzilla.redhat.com/show_bug.cgi?id=2191691
https://nvd.nist.gov/vuln/detail/CVE-2023-38471
https://www.cve.org/CVERecord?id=CVE-2023-38471

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-11-02T14:58:22.628Z

Updated: 2024-08-29T14:17:30.825Z

Reserved: 2023-07-18T09:48:04.753Z

Link: CVE-2023-38471

Vulnrichment

Updated: 2024-08-02T17:39:13.630Z

NVD

Status : Analyzed

Published: 2023-11-02T15:15:08.300

Modified: 2023-11-09T19:58:27.143

Link: CVE-2023-38471

Redhat

Severity : Moderate

Publid Date: 2023-04-26T00:00:00Z

Links: CVE-2023-38471 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38471", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-07-18T09:48:04.753Z", "datePublished": "2023-11-02T14:58:22.628Z", "dateUpdated": "2024-08-29T14:17:30.825Z"}, "containers": {"cna": {"title": "Reachable assertion in dbus_set_host_name", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function."}], "affected": [{"product": "avahi", "vendor": "n/a", "defaultStatus": "affected"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "avahi", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "avahi", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "avahi", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "avahi", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"product": "Fedora", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "avahi", "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-38471", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191691", "name": "RHBZ#2191691", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2023-04-26T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-617", "description": "Reachable Assertion", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-617: Reachable Assertion", "timeline": [{"lang": "en", "time": "2023-04-26T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-04-26T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-11-02T14:58:22.628Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:39:13.630Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-38471", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191691", "name": "RHBZ#2191691", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-29T13:54:56.246487Z", "id": "CVE-2023-38471", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-29T14:17:30.825Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38471", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-07-18T09:48:04.753Z", "datePublished": "2023-11-02T14:58:22.628Z", "dateUpdated": "2024-08-29T14:17:30.825Z"}, "containers": {"cna": {"title": "Reachable assertion in dbus_set_host_name", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function."}], "affected": [{"product": "avahi", "vendor": "n/a", "defaultStatus": "affected"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "avahi", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "avahi", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "avahi", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "avahi", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"product": "Fedora", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "avahi", "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-38471", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191691", "name": "RHBZ#2191691", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2023-04-26T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-617", "description": "Reachable Assertion", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-617: Reachable Assertion", "timeline": [{"lang": "en", "time": "2023-04-26T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-04-26T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-11-02T14:58:22.628Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:39:13.630Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-38471", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191691", "name": "RHBZ#2191691", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38471", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-29T13:54:56.246487Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-29T14:17:25.682Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*", "matchCriteriaId": "6481267F-934F-4A0C-9B25-59738E798458", "versionEndExcluding": "0.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Avahi. Existe una afirmaci\u00f3n alcanzable en la funci\u00f3n dbus_set_host_name."}], "id": "CVE-2023-38471", "lastModified": "2023-11-09T19:58:27.143", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2023-11-02T15:15:08.300", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-38471"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191691"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-617"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:7836", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "avahi-0:0.7-21.el8_9.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-12-14T00:00:00Z"}, {"advisory": "RHSA-2023:7836", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "avahi-0:0.7-21.el8_9.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-12-14T00:00:00Z"}, {"advisory": "RHSA-2024:0418", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "avahi-0:0.7-20.el8_6.3", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-01-25T00:00:00Z"}, {"advisory": "RHSA-2024:0576", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "avahi-0:0.7-20.el8_8.4", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:2433", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "avahi-0:0.8-20.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:2433", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "avahi-0:0.8-20.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}], "bugzilla": {"description": "avahi: Reachable assertion in dbus_set_host_name", "id": "2191691", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191691"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-617", "details": ["A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.", "A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function."], "name": "CVE-2023-38471", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "avahi", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "avahi", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2023-04-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-38471\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-38471"], "threat_severity": "Moderate"}