DEBIAN-CVE-2021-3468

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2021-3468
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-3468.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2021-3468
Upstream
Published
2021-06-02T16:15:08Z
Modified
2025-09-19T07:31:39.478694Z
Summary
[none]
Details

A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.

References

Affected packages

Debian:11 / avahi

Package

Name
avahi
Purl
pkg:deb/debian/avahi?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-5+deb11u2

Affected versions

0.*

0.8-5
0.8-5+deb11u1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / avahi

Package

Name
avahi
Purl
pkg:deb/debian/avahi?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-7

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / avahi

Package

Name
avahi
Purl
pkg:deb/debian/avahi?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-7

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / avahi

Package

Name
avahi
Purl
pkg:deb/debian/avahi?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-7

Ecosystem specific 

{
    "urgency": "not yet assigned"
}