CVE-2021-3502

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-3502
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3502.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-3502
Related
Published
2021-05-07T12:15:07Z
Modified
2024-12-05T15:29:45.399602Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in avahi 0.8-5. A reachable assertion is present in avahishostnameresolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.

References

Affected packages

Alpine:v3.18 / avahi

Package

Name
avahi
Purl
pkg:apk/alpine/avahi?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-r5

Affected versions

0.*

0.6.28-r0
0.6.28-r1
0.6.28-r2
0.6.29-r0
0.6.30-r0
0.6.30-r1
0.6.30-r2
0.6.30-r3
0.6.30-r4
0.6.31-r0
0.6.31-r1
0.6.31-r2
0.6.31-r3
0.6.31-r4
0.6.31-r5
0.6.31-r6
0.6.31-r7
0.6.31-r8
0.6.32-r0
0.6.32-r1
0.6.32-r2
0.6.32-r3
0.6.32-r4
0.7-r0
0.7-r1
0.7-r2
0.7-r3
0.7-r4
0.8-r0
0.8-r1
0.8-r2
0.8-r3
0.8-r4

Alpine:v3.19 / avahi

Package

Name
avahi
Purl
pkg:apk/alpine/avahi?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-r5

Affected versions

0.*

0.6.28-r0
0.6.28-r1
0.6.28-r2
0.6.29-r0
0.6.30-r0
0.6.30-r1
0.6.30-r2
0.6.30-r3
0.6.30-r4
0.6.31-r0
0.6.31-r1
0.6.31-r2
0.6.31-r3
0.6.31-r4
0.6.31-r5
0.6.31-r6
0.6.31-r7
0.6.31-r8
0.6.32-r0
0.6.32-r1
0.6.32-r2
0.6.32-r3
0.6.32-r4
0.7-r0
0.7-r1
0.7-r2
0.7-r3
0.7-r4
0.8-r0
0.8-r1
0.8-r2
0.8-r3
0.8-r4

Alpine:v3.20 / avahi

Package

Name
avahi
Purl
pkg:apk/alpine/avahi?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-r5

Affected versions

0.*

0.6.28-r0
0.6.28-r1
0.6.28-r2
0.6.29-r0
0.6.30-r0
0.6.30-r1
0.6.30-r2
0.6.30-r3
0.6.30-r4
0.6.31-r0
0.6.31-r1
0.6.31-r2
0.6.31-r3
0.6.31-r4
0.6.31-r5
0.6.31-r6
0.6.31-r7
0.6.31-r8
0.6.32-r0
0.6.32-r1
0.6.32-r2
0.6.32-r3
0.6.32-r4
0.7-r0
0.7-r1
0.7-r2
0.7-r3
0.7-r4
0.8-r0
0.8-r1
0.8-r2
0.8-r3
0.8-r4

Alpine:v3.21 / avahi

Package

Name
avahi
Purl
pkg:apk/alpine/avahi?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-r5

Affected versions

0.*

0.6.28-r0
0.6.28-r1
0.6.28-r2
0.6.29-r0
0.6.30-r0
0.6.30-r1
0.6.30-r2
0.6.30-r3
0.6.30-r4
0.6.31-r0
0.6.31-r1
0.6.31-r2
0.6.31-r3
0.6.31-r4
0.6.31-r5
0.6.31-r6
0.6.31-r7
0.6.31-r8
0.6.32-r0
0.6.32-r1
0.6.32-r2
0.6.32-r3
0.6.32-r4
0.7-r0
0.7-r1
0.7-r2
0.7-r3
0.7-r4
0.8-r0
0.8-r1
0.8-r2
0.8-r3
0.8-r4

Debian:11 / avahi

Package

Name
avahi
Purl
pkg:deb/debian/avahi?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-5+deb11u1

Affected versions

0.*

0.8-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / avahi

Package

Name
avahi
Purl
pkg:deb/debian/avahi?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / avahi

Package

Name
avahi
Purl
pkg:deb/debian/avahi?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}