Search CVE reports

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts...

A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks,...

A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.

A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.

A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.

A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.

A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.

A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.

A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3502. Reason: This candidate is a duplicate of CVE-2021-3502. Notes: All CVE users should reference CVE-2021-3502 instead of this candidate. All references...