AZL-53756

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-53756.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-53756

Upstream

CVE-2024-52616

Published

2024-11-21T21:15:24Z

Modified

2026-04-01T05:18:07.702682Z

Summary

CVE-2024-52616 affecting package avahi for versions less than 0.8-4

Details

A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-52616

Affected packages

Azure Linux:2 / avahi

Package

Name: avahi
Purl: pkg:rpm/azure-linux/avahi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8-4

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-53756.json"