Описание
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although CLIENTS_MAX is defined, server_work() unconditionally accept()s and client_new() always appends the new client and increments n_clients. There is no check against the limit. When client cannot be accepted as a result of maximal socket number of avahi-daemon, it logs unconditionally error per each connection. Unprivileged local users can exhaust daemon memory and file descriptors, causing a denial of service system-wide for mDNS/DNS-SD. Exhausting local file descriptors causes increased system load caused by logging errors of each of request. Overloading prevents glibc calls using nss-mdns plugins to resolve *.local. names and link-local addresses. As of time of publication, no known patched...
| Релиз | Статус | Примечание |
|---|---|---|
| devel | deferred | 2026-01-05 |
| esm-infra-legacy/trusty | deferred | 2026-01-05 |
| esm-infra/bionic | deferred | 2026-01-05 |
| esm-infra/focal | deferred | 2026-01-05 |
| esm-infra/xenial | deferred | 2026-01-05 |
| jammy | deferred | 2026-01-05 |
| noble | deferred | 2026-01-05 |
| plucky | ignored | end of life, was deferred [2026-01-05] |
| questing | deferred | 2026-01-05 |
| upstream | needs-triage |
Показывать по
5.5 Medium
CVSS3
Связанные уязвимости
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although `CLIENTS_MAX` is defined, `server_work()` unconditionally `accept()`s and `client_new()` always appends the new client and increments `n_clients`. There is no check against the limit. When client cannot be accepted as a result of maximal socket number of avahi-daemon, it logs unconditionally error per each connection. Unprivileged local users can exhaust daemon memory and file descriptors, causing a denial of service system-wide for mDNS/DNS-SD. Exhausting local file descriptors causes increased system load caused by logging errors of each of request. Overloading prevents glibc calls using nss-mdns plugins to resolve `*.local.` names and link-local addresses. As of time of publication, no known patched ve
simple protocol server ignores accepts unlimited connections and logs failures without limit
Avahi is a system which facilitates service discovery on a local netwo ...
5.5 Medium
CVSS3