Infinite loop in Avahi - CVE-2021-3468

 

Published: August 8, 2023 / Updated: April 9, 2026


Vulnerability identifier: #VU79113
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-3468
CWE-ID: CWE-835
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: avahi.org
Affected software:
Avahi

Detailed vulnerability description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists because the event used to signal the termination of the client connection on the Avahi Unix socket is not correctly handled in the client_work() function. A local user can consume all available system resources and cause denial of service conditions.
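
The failure mode described above, as an added example (not Avahi's code and not part of the advisory): a poll(2)-based handler on a Unix socket that ignores the hangup event is woken on every loop iteration once the peer has closed, while a handler that treats hangup as terminal releases the client after one wakeup. The function names, the `check_hangup` switch and the iteration cap are assumptions made for illustration.

```c
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical per-client callback (illustrative, not Avahi's client_work()).
 * Returns 1 when the client must be freed and its fd dropped, 0 to keep it. */
static int handle_client_events(int fd, short revents, int check_hangup) {
    char buf[256];
    if (check_hangup && (revents & (POLLHUP | POLLERR | POLLNVAL)))
        return 1;                      /* termination event: stop watching */
    if (revents & POLLIN) {
        ssize_t n = read(fd, buf, sizeof buf);
        if (check_hangup && n <= 0)
            return 1;                  /* EOF or read error also ends the client */
    }
    return 0;                          /* keep watching; the weak variant never returns 1 */
}

/* Bounded event loop over one Unix socket whose peer has already closed.
 * Returns how many times the loop woke up before the client was released
 * (max_iter means it never was: an unbounded loop would spin forever). */
int wakeups_after_peer_close(int check_hangup, int max_iter) {
    int sv[2], n = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    close(sv[1]);                      /* constructed input: the client goes away */
    struct pollfd p = { .fd = sv[0], .events = POLLIN };
    while (n < max_iter) {
        if (poll(&p, 1, 100) <= 0)
            break;                     /* timeout or error: loop is idle */
        n++;
        if (handle_client_events(p.fd, p.revents, check_hangup))
            break;
    }
    close(sv[0]);
    return n;
}

int main(void) {
    printf("hangup ignored: %d wakeups (cap 1000)\n", wakeups_after_peer_close(0, 1000));
    printf("hangup handled: %d wakeups\n", wakeups_after_peer_close(1, 1000));
    return 0;
}
```

A daemon process pinned at full CPU while its client sockets sit in a closed state is the observable symptom of the weak variant.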


How to mitigate CVE-2021-3468

Install updates from the vendor's website.
