Reachable assertion in Avahi - CVE-2026-59987
Published: July 12, 2026
Avahi
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to reachable assertion in dbus_prepare_record_browser_object when handling a D-Bus RecordBrowserNew method call with a crafted name that passes validation but cannot be normalized. A local user can send a specially crafted D-Bus method call to cause a denial of service.