5.5

CVE-2021-3468

EPSS 0.01%
Published 02.06.2021 16:15:08
Last modified 21.11.2024 06:21:36
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Avahi ≫ Avahi Version >= 0.6 <= 0.8

Debian ≫ Debian Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.01

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:N/A:P

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html

Third Party Advisory

Mailing List

https://bugzilla.redhat.com/show_bug.cgi?id=1939614

Issue Tracking

https://lists.debian.org/debian-lts-announce/2023/06/msg00028.html

https://nvd.nist.gov/vuln/detail/CVE-2021-3468

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-3468

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-3468

EUVD