A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.
Published 2021-05-07 12:15:07
Updated 2021-05-17 17:30:26
Source Red Hat, Inc.
View at NVD,   CVE.org

Products affected by CVE-2021-3502

Exploit prediction scoring system (EPSS) score for CVE-2021-3502

0.04%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-3502

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
2.1
LOW AV:L/AC:L/Au:N/C:N/I:N/A:P
3.9
2.9
NIST
5.5
MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1.8
3.6
NIST

CWE ids for CVE-2021-3502

  • The product dereferences a pointer that it expects to be valid but is NULL.
    Assigned by: secalert@redhat.com (Primary)
  • The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
    Assigned by: secalert@redhat.com (Primary)

References for CVE-2021-3502

  • https://github.com/lathiat/avahi/issues/338
    reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames (CVE-2021-3502) · Issue #338 · lathiat/avahi · GitHub
    Exploit;Third Party Advisory
  • https://bugzilla.redhat.com/show_bug.cgi?id=1946914
    1946914 – (CVE-2021-3502) CVE-2021-3502 avahi: reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames
    Exploit;Issue Tracking;Patch;Third Party Advisory
Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!