CVE-2021-3468

low-risk

Published 2021-06-02

A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (2)

Avahi

Debian Linux

Affected Vendors

Debian Avahi

References (6)

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1939614

Mailing List https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html

https://lists.debian.org/debian-lts-announce/2023/06/msg00028.html

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1939614

Mailing List https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html

https://lists.debian.org/debian-lts-announce/2023/06/msg00028.html

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 7/34 · Low