CVE-2025-68276

EPSS 0.01%
Veröffentlicht 12.01.2026 17:31:49
Zuletzt bearbeitet 16.01.2026 16:51:03
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Avahi has a reachable assertion in avahi_wide_area_scan_cache

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can crash avahi-daemon (with wide-area disabled) by creating record browsers with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus. This can be done by either calling
the RecordBrowserNew method directly or creating hostname/address/service resolvers/browsers that create those browsers internally themselves.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Avahi ≫ Avahi Version < 0.9

Avahi ≫ Avahi Version0.9 Updaterc1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.005

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://github.com/avahi/avahi/security/advisories/GHSA-mhf3-865v-g5rc

Vendor Advisory

https://github.com/avahi/avahi/pull/806

Patch

Issue Tracking

https://github.com/avahi/avahi/commit/ede7048475c5d47d53890e3bc1350dda8e0b3688

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-68276

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68276

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68276

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-68276