Description
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record, where the alias and canonical name point to the same domain (e.g., "h.local" as a CNAME for "h.local"). This causes unbounded recursion in the lookup_handle_cname function, leading to stack exhaustion. The vulnerability affects record browsers where AVAHI_LOOKUP_USE_MULTICAST is set explicitly, which includes record browsers created by resolvers used by nss-mdns. This issue is patched in commit 78eab31128479f06e30beb8c1cbf99dd921e2524.
A flaw was found in Avahi, a system that enables devices to discover services on a local network. A remote attacker can exploit this vulnerability by sending a specially crafted mDNS (multicast Domain Name System) response containing a recursive CNAME (Canonical Name) record. This triggers an uncontrolled recursion within the avahi-daemon process, leading to stack exhaustion and causing the service to crash. This results in a denial of service (DoS) for affected systems.
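A defensive pattern for the failure mode described above, as an added example: it is not Avahi's code and not the fix in the commit named on this page. The `struct rr` cache, the sample records, `MAX_CNAME_HOPS` and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define MAX_CNAME_HOPS 8 /* assumed cap for this sketch */
enum { RESOLVE_OK = 0, RESOLVE_NOT_FOUND = -1, RESOLVE_LOOP = -2 };

/* Hypothetical cache entry: cname == NULL marks a terminal (address) record. */
struct rr { const char *name; const char *cname; };

/* Constructed sample caches. */
static const struct rr SELF_LOOP[] = { { "h.local", "h.local" } };
static const struct rr TWO_CYCLE[] = { { "a.local", "b.local" }, { "b.local", "a.local" } };
static const struct rr VALID[] = { { "printer.local", "Host.local" }, { "host.local", NULL } };

static const struct rr *find_rr(const struct rr *cache, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcasecmp(cache[i].name, name) == 0) /* DNS names compare case-insensitively */
            return &cache[i];
    return NULL;
}

/* Follow a CNAME chain with a loop instead of recursion, so stack use is
 * constant no matter what the records say. *out gets the terminal name. */
int resolve_cname(const struct rr *cache, size_t n, const char *name, const char **out) {
    for (int hops = 0; hops <= MAX_CNAME_HOPS; hops++) {
        const struct rr *r = find_rr(cache, n, name);
        if (!r)
            return RESOLVE_NOT_FOUND;
        if (!r->cname) {
            if (out) *out = r->name;
            return RESOLVE_OK;
        }
        if (strcasecmp(r->name, r->cname) == 0)
            return RESOLVE_LOOP; /* alias == canonical name, e.g. h.local -> h.local */
        name = r->cname;
    }
    return RESOLVE_LOOP; /* longer cycle or over-long chain */
}

int main(void) {
    const char *out = NULL;
    printf("self loop: %d\n", resolve_cname(SELF_LOOP, 1, "h.local", NULL));
    printf("two cycle: %d\n", resolve_cname(TWO_CYCLE, 2, "a.local", NULL));
    if (resolve_cname(VALID, 2, "printer.local", &out) == RESOLVE_OK)
        printf("printer.local -> %s\n", out);
    return 0;
}
```

The hop cap also catches cycles longer than one record, which the equality check alone would miss.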
Report
This MODERATE impact flaw in Avahi's avahi-daemon can lead to a denial of service. An attacker on the local network could send a specially crafted, unsolicited mDNS response containing a recursive CNAME record, causing unbounded recursion and a crash. This affects systems where Avahi's record browsers explicitly use multicast, such as those utilizing nss-mdns.
Mitigation
To mitigate this issue, disable the avahi-daemon service if mDNS/DNS-SD functionality is not required on the system.
Disabling this service may impact applications relying on mDNS for local network service discovery. A system reboot or service reload may be required for the changes to take full effect.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | avahi | Fix deferred | | |
| Red Hat Enterprise Linux 6 | avahi | Fix deferred | | |
| Red Hat Enterprise Linux 7 | avahi | Fix deferred | | |
| Red Hat Enterprise Linux 8 | avahi | Fix deferred | | |
| Red Hat Enterprise Linux 9 | avahi | Fix deferred | | |
| Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred | | |
Additional information
CVSS3: 6.5 Medium