5.3
CVE-2024-52616
- EPSS 0.2%
- Published 21.11.2024 21:15:24
- Last modified 14.05.2025 00:15:17
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/avahi/avahi/
≫
Package
avahi
Default Statusunaffected
Version <
0.9
Version
0
Status
affected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 9
Default Statusaffected
Version <
*
Version
0:0.8-22.el9_6
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 9
Default Statusaffected
Version <
*
Version
0:0.8-22.el9_6
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 7
Default Statusunknown
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 8
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat OpenShift Container Platform 4
Default Statusaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.427 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| secalert@redhat.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-334 Small Space of Random Values
The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.