Input validation error in Avahi - CVE-2026-58406
Published: July 12, 2026
Avahi
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in avahi_domain_hash when processing mDNS resource records with names containing bytes greater than or equal to 128. A remote attacker can send a specially crafted multicast DNS response packet to cause a denial of service.
The issue affects NetBSD systems on architectures where char is signed and invalid ctype(3) inputs trigger a SIGSEGV.