Описание
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can crash avahi-daemon (with wide-area disabled) by creating record browsers with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus. This can be done by either calling the RecordBrowserNew method directly or creating hostname/address/service resolvers/browsers that create those browsers internally themselves.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 0.8-17ubuntu2 |
| esm-infra-legacy/trusty | released | 0.6.31-4ubuntu1.3+esm4 |
| esm-infra/bionic | released | 0.7-3.1ubuntu1.3+esm3 |
| esm-infra/focal | released | 0.7-4ubuntu7.3+esm1 |
| esm-infra/xenial | released | 0.6.32~rc+dfsg-1ubuntu2.3+esm4 |
| jammy | released | 0.8-5ubuntu5.4 |
| noble | released | 0.8-13ubuntu6.1 |
| plucky | ignored | end of life, was needs-triage |
| questing | released | 0.8-16ubuntu3.1 |
| upstream | needs-triage |
Показывать по
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can crash avahi-daemon (with wide-area disabled) by creating record browsers with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus. This can be done by either calling the RecordBrowserNew method directly or creating hostname/address/service resolvers/browsers that create those browsers internally themselves.
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can crash avahi-daemon (with wide-area disabled) by creating record browsers with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus. This can be done by either calling the RecordBrowserNew method directly or creating hostname/address/service resolvers/browsers that create those browsers internally themselves.
Avahi has a reachable assertion in avahi_wide_area_scan_cache
Avahi is a system which facilitates service discovery on a local netwo ...
Уязвимость системы обнаружения сервисов в локальной сети Avahi, связанная с недостатком использования функции assert(), позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.5 Medium
CVSS3