Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-68471

Опубликовано: 12 янв. 2026
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart.

A flaw was found in Avahi, a system that enables devices to discover services on a local network using the mDNS/DNS-SD (Multicast Domain Name System/DNS-based Service Discovery) protocols. A remote attacker can exploit this by sending two specific network messages, known as unsolicited announcements with CNAME resource records, within a two-second timeframe. This action can cause the avahi-daemon process to crash, leading to a Denial of Service (DoS) for the affected system.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10avahiFix deferred
Red Hat Enterprise Linux 6avahiFix deferred
Red Hat Enterprise Linux 7avahiFix deferred
Red Hat Enterprise Linux 8avahiFix deferred
Red Hat Enterprise Linux 9avahiFix deferred
Red Hat OpenShift Container Platform 4rhcosFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-617
https://bugzilla.redhat.com/show_bug.cgi?id=2428717avahi: Avahi: Denial of Service via unsolicited CNAME announcements

EPSS

Процентиль: 4%
0.00017
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-68471

CVSS3: 6.5
ubuntu
3 месяца назад

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart.

nvd логотип

CVE-2025-68471

CVSS3: 6.5
nvd
3 месяца назад

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart.

msrc логотип

CVE-2025-68471

CVSS3: 6.5
msrc
3 месяца назад

Avahi has a reachable assertion in lookup_start

debian логотип

CVE-2025-68471

CVSS3: 6.5
debian
3 месяца назад

Avahi is a system which facilitates service discovery on a local netwo ...

fstec логотип

BDU:2026-03599

CVSS3: 6.5
fstec
3 месяца назад

Уязвимость системы обнаружения сервисов в локальной сети Avahi, связанная с недостатком использования функции assert(), позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 4%
0.00017
Низкий

6.5 Medium

CVSS3