CVE-2026-24401

EPSS 0.04%
Veröffentlicht 24.01.2026 01:25:02
Zuletzt bearbeitet 26.01.2026 15:03:33
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record, where the alias and canonical name point to the same domain (e.g., "h.local" as a CNAME for "h.local"). This causes unbounded recursion in the lookup_handle_cname function, leading to stack exhaustion. The vulnerability affects record browsers where AVAHI_LOOKUP_USE_MULTICAST is set explicitly, which includes record browsers created by resolvers used by nss-mdns. This issue is patched in commit 78eab31128479f06e30beb8c1cbf99dd921e2524.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstelleravahi

≫

Produkt avahi

Version < 78eab31128479f06e30beb8c1cbf99dd921e2524

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.098

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-674 Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

https://github.com/avahi/avahi/security/advisories/GHSA-h4vp-5m8j-f6w3

https://github.com/avahi/avahi/issues/501

https://github.com/avahi/avahi/commit/78eab31128479f06e30beb8c1cbf99dd921e2524

https://nvd.nist.gov/vuln/detail/CVE-2026-24401

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-24401

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-24401

EUVD