exploitDog

CVE-2025-59529

Published: 18 Dec 2025
Source: nvd
CVSS3: 5.5
EPSS: Low

Description

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although `CLIENTS_MAX` is defined, `server_work()` unconditionally `accept()`s and `client_new()` always appends the new client and increments `n_clients`. There is no check against the limit. When a client cannot be accepted because avahi-daemon has reached its maximum number of sockets, it unconditionally logs an error for each connection. Unprivileged local users can exhaust daemon memory and file descriptors, causing a system-wide denial of service for mDNS/DNS-SD. Exhausting local file descriptors increases system load because an error is logged for each request. Overloading prevents glibc calls using nss-mdns plugins from resolving `*.local.` names and link-local addresses. As of time of publication, no known patched ve

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*
Versions before 0.9 (exclusive)
cpe:2.3:a:avahi:avahi:0.9:rc1:*:*:*:*:*:*

EPSS

Percentile: 6%
0.00025
Low

5.5 Medium

CVSS3

Weaknesses

CWE-400

Related vulnerabilities

CVSS3: 5.5
ubuntu
about 2 months ago

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although `CLIENTS_MAX` is defined, `server_work()` unconditionally `accept()`s and `client_new()` always appends the new client and increments `n_clients`. There is no check against the limit. When a client cannot be accepted because avahi-daemon has reached its maximum number of sockets, it unconditionally logs an error for each connection. Unprivileged local users can exhaust daemon memory and file descriptors, causing a system-wide denial of service for mDNS/DNS-SD. Exhausting local file descriptors increases system load because an error is logged for each request. Overloading prevents glibc calls using nss-mdns plugins from resolving `*.local.` names and link-local addresses. As of time of publication, no known patched...

msrc
about 2 months ago

simple protocol server ignores accepts unlimited connections and logs failures without limit

CVSS3: 5.5
debian
about 2 months ago

Avahi is a system which facilitates service discovery on a local netwo ...
