Home > Vulnerability Database > CVE-2021-3502

Mend.io Vulnerability Database

CVE-2021-3502

Good to know:

Date: May 7, 2021

A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.

Language: C

Severity Score

5.5

Related Resources (8)

Url: https://security.archlinux.org/CVE-2021-3502

Url: https://security-tracker.debian.org/tracker/CVE-2021-3502

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1946914

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3502

Url: https://github.com/lathiat/avahi/issues/338

Url: https://access.redhat.com/security/cve/CVE-2021-3502

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-3502

Url: https://www.mend.io/vulnerability-database/CVE-2021-3502

Severity Score

5.5

Weakness Type (CWE)

NULL Pointer Dereference

CWE-476

Reachable Assertion

CWE-617

Top Fix

Upgrade Version

Upgrade to version avahi-ui - no_fix;avahi - no_fix

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-3502

Good to know:

Date: May 7, 2021

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?