CVE-2025-68468

Published: 12 Jan 2026
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they expire avahi-daemon crashes.

A flaw was found in Avahi. A remote attacker can cause a Denial of Service (DoS) by sending specially crafted unsolicited announcements containing CNAME resource records. These records, when pointing to other resource records with short Time-To-Live (TTL) values, can lead to the avahi-daemon crashing once they expire. This vulnerability impacts the availability of services relying on Avahi's service discovery.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | avahi | Fix deferred | | |
| Red Hat Enterprise Linux 6 | avahi | Fix deferred | | |
| Red Hat Enterprise Linux 7 | avahi | Fix deferred | | |
| Red Hat Enterprise Linux 8 | avahi | Fix deferred | | |
| Red Hat Enterprise Linux 9 | avahi | Fix deferred | | |
| Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred | | |

Additional information

Status: Moderate
Defect: CWE-617
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2428714 (avahi: Avahi: Denial of Service via crafted mDNS/DNS-SD announcements)

EPSS

Percentile: 2%
0.00014
Low

6.5 Medium

CVSS3

Related vulnerabilities

CVSS3: 6.5
ubuntu
3 months ago

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they expire avahi-daemon crashes.

CVSS3: 6.5
nvd
3 months ago

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they expire avahi-daemon crashes.

CVSS3: 6.5
msrc
3 months ago

Avahi has a reachable assertion in lookup_multicast_callback

CVSS3: 6.5
debian
3 months ago

Avahi is a system which facilitates service discovery on a local netwo ...

CVSS3: 6.5
redos
about 1 month ago

avahi vulnerability
