Main Vulnerability Database Vulnerabilities #VU79113

#VU79113 Infinite loop in Avahi - CVE-2021-3468

Published: August 8, 2023

Vulnerability identifier: #VU79113

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-3468

CWE-ID: CWE-835

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Avahi

Software vendor:
avahi.org

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work() function. A local user can consume all available system resources and cause denial of service conditions.

Remediation

Install updates from vendor's website.

External links

https://bugzilla.redhat.com/show_bug.cgi?id=1939614
https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html
https://lists.debian.org/debian-lts-announce/2023/06/msg00028.html