CVE-2023-38472 - OpenCVE

A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Avahi	Avahi
Redhat	Enterprise Linux Rhel Eus

Configuration 1 [-]

cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
avahi-0:0.7-21.el8_9.1	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7836	2023-12-14T00:00:00Z
avahi-0:0.7-21.el8_9.1	cpe:/o:redhat:enterprise_linux:8	RHSA-2023:7836	2023-12-14T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
avahi-0:0.7-20.el8_6.3	cpe:/a:redhat:rhel_eus:8.6	RHSA-2024:0418	2024-01-25T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
avahi-0:0.7-20.el8_8.4	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:0576	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9
avahi-0:0.8-20.el9	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:2433	2024-04-30T00:00:00Z
avahi-0:0.8-20.el9	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:2433	2024-04-30T00:00:00Z

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2023-38472
https://bugzilla.redhat.com/show_bug.cgi?id=2191692
https://nvd.nist.gov/vuln/detail/CVE-2023-38472
https://www.cve.org/CVERecord?id=CVE-2023-38472

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-11-02T14:59:24.996Z

Updated: 2024-08-29T14:17:10.800Z

Reserved: 2023-07-18T09:48:04.753Z

Link: CVE-2023-38472

Vulnrichment

Updated: 2024-08-02T17:39:13.632Z

NVD

Status : Analyzed

Published: 2023-11-02T15:15:08.363

Modified: 2023-11-09T19:58:11.570

Link: CVE-2023-38472

Redhat

Severity : Moderate

Publid Date: 2023-04-26T00:00:00Z

Links: CVE-2023-38472 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38472", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-07-18T09:48:04.753Z", "datePublished": "2023-11-02T14:59:24.996Z", "dateUpdated": "2024-08-29T14:17:10.800Z"}, "containers": {"cna": {"title": "Reachable assertion in avahi_rdata_parse", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function."}], "affected": [{"product": "avahi", "vendor": "n/a", "defaultStatus": "affected"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "avahi", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "avahi", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "avahi", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "avahi", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"product": "Fedora", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "avahi", "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-38472", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191692", "name": "RHBZ#2191692", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2023-04-26T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-617", "description": "Reachable Assertion", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-617: Reachable Assertion", "timeline": [{"lang": "en", "time": "2023-04-26T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-04-26T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-11-02T14:59:24.996Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:39:13.632Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-38472", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191692", "name": "RHBZ#2191692", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-29T13:55:06.065680Z", "id": "CVE-2023-38472", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-29T14:17:10.800Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38472", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-07-18T09:48:04.753Z", "datePublished": "2023-11-02T14:59:24.996Z", "dateUpdated": "2024-08-29T14:17:10.800Z"}, "containers": {"cna": {"title": "Reachable assertion in avahi_rdata_parse", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function."}], "affected": [{"product": "avahi", "vendor": "n/a", "defaultStatus": "affected"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "avahi", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "avahi", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "avahi", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "avahi", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"product": "Fedora", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "avahi", "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-38472", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191692", "name": "RHBZ#2191692", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2023-04-26T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-617", "description": "Reachable Assertion", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-617: Reachable Assertion", "timeline": [{"lang": "en", "time": "2023-04-26T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-04-26T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-11-02T14:59:24.996Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:39:13.632Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-38472", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191692", "name": "RHBZ#2191692", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38472", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-29T13:55:06.065680Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-29T14:17:00.740Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*", "matchCriteriaId": "6481267F-934F-4A0C-9B25-59738E798458", "versionEndExcluding": "0.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Avahi. Existe una afirmaci\u00f3n alcanzable en la funci\u00f3n avahi_rdata_parse()."}], "id": "CVE-2023-38472", "lastModified": "2023-11-09T19:58:11.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2023-11-02T15:15:08.363", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-38472"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191692"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-617"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:7836", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "avahi-0:0.7-21.el8_9.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-12-14T00:00:00Z"}, {"advisory": "RHSA-2023:7836", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "avahi-0:0.7-21.el8_9.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-12-14T00:00:00Z"}, {"advisory": "RHSA-2024:0418", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "avahi-0:0.7-20.el8_6.3", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-01-25T00:00:00Z"}, {"advisory": "RHSA-2024:0576", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "avahi-0:0.7-20.el8_8.4", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:2433", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "avahi-0:0.8-20.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:2433", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "avahi-0:0.8-20.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}], "bugzilla": {"description": "avahi: Reachable assertion in avahi_rdata_parse", "id": "2191692", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191692"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-617", "details": ["A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.", "A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function."], "name": "CVE-2023-38472", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "avahi", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "avahi", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2023-04-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-38472\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-38472"], "threat_severity": "Moderate"}