| CVE-2026-34933 |
BDSA-2026-6100 |
Medium |
Apr 03, 2026 |
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged
more...
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version 0.9-rc4.
less...
|
0.8, 0.7, 0.6.32, 0.6.31, 0.6.30, 0.6.25, 0.6.23, 0.6.21, 0.6.18, 0.6.16
|
| CVE-2026-24401 |
BDSA-2026-1087 |
Medium |
Jan 24, 2026 |
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon
more...
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record, where the alias and canonical name point to the same domain (e.g., "h.local" as a CNAME for "h.local"). This causes unbounded recursion in the lookup_handle_cname function, leading to stack exhaustion. The vulnerability affects record browsers where AVAHI_LOOKUP_USE_MULTICAST is set explicitly, which includes record browsers created by resolvers used by nss-mdns. This issue is patched in commit 78eab31128479f06e30beb8c1cbf99dd921e2524.
less...
|
0.8, 0.7, 0.6.32, 0.6.31, 0.6.30, 0.6.25, 0.6.23, 0.6.21, 0.6.18, 0.6.16
|
| CVE-2025-68471 |
BDSA-2025-107021 |
Medium |
Jan 12, 2026 |
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can b
more...
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart.
less...
|
0.8, 0.7, 0.6.32, 0.6.31, 0.6.30, 0.6.25, 0.6.23, 0.6.21, 0.6.18, 0.6.16
|
| CVE-2025-68468 |
BDSA-2025-107003 |
Medium |
Jan 12, 2026 |
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can b
more...
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they expire avahi-daemon crashes.
less...
|
0.8, 0.7, 0.6.32, 0.6.31, 0.6.30, 0.6.25, 0.6.23, 0.6.21, 0.6.18, 0.6.16
|
| CVE-2025-68276 |
BDSA-2025-107022 |
Medium |
Jan 12, 2026 |
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged lo
more...
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can crash avahi-daemon (with wide-area disabled) by creating record browsers with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus. This can be done by either calling
the RecordBrowserNew method directly or creating hostname/address/service resolvers/browsers that create those browsers internally themselves.
less...
|
0.8, 0.7, 0.6.32, 0.6.31, 0.6.30, 0.6.25, 0.6.23, 0.6.21, 0.6.18, 0.6.16
|
| CVE-2025-59529 |
BDSA-2025-73404 |
Medium |
Dec 18, 2025 |
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, t
more...
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although `CLIENTS_MAX` is defined, `server_work()` unconditionally `accept()`s and `client_new()` always appends the new client and increments `n_clients`. There is no check against the limit. When client cannot be accepted as a result of maximal socket number of avahi-daemon, it logs unconditionally error per each connection. Unprivileged local users can exhaust daemon memory and file descriptors, causing a denial of service system-wide for mDNS/DNS-SD. Exhausting local file descriptors causes increased system load caused by logging errors of each of request. Overloading prevents glibc calls using nss-mdns plugins to resolve `*.local.` names and link-local addresses. As of time of publication, no known patched versions are available, but a candidate fix is available in pull request 808, and some workarounds are available. Simple clients are offered for nss-mdns package functionality. It is not possible to disable the unix socket `/run/avahi-daemon/socket`, but resolution requests received via DBus are not affected directly. Tools avahi-resolve, avahi-resolve-address and avahi-resolve-host-name are not affected, they use DBus interface. It is possible to change permissions of unix socket after avahi-daemon is started. But avahi-daemon does not provide any configuration for it. Additional access restrictions like SELinux can also prevent unwanted tools to access the socket and keep resolution working for trusted users.
less...
|
0.8, 0.7, 0.6.32, 0.6.31, 0.6.30, 0.6.25, 0.6.23, 0.6.21, 0.6.18, 0.6.16
|
| CVE-2023-38473 |
BDSA-2023-2707 |
Medium |
Nov 02, 2023 |
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.
less...
|
0.8, 0.7, 0.6.32, 0.6.31, 0.6.30, 0.6.25, 0.6.23, 0.6.21, 0.6.18, 0.6.16
|
| CVE-2023-38472 |
BDSA-2023-2706 |
Medium |
Nov 02, 2023 |
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
less...
|
0.8, 0.7, 0.6.32, 0.6.31, 0.6.30, 0.6.25, 0.6.23, 0.6.21, 0.6.18, 0.6.16
|
| CVE-2023-38471 |
BDSA-2023-2705 |
Medium |
Nov 02, 2023 |
A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.
A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.
less...
|
0.8, 0.7, 0.6.32, 0.6.31, 0.6.30, 0.6.25, 0.6.23, 0.6.21, 0.6.18, 0.6.16
|
| CVE-2023-38470 |
BDSA-2023-2704 |
Medium |
Nov 02, 2023 |
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.
less...
|
0.8, 0.7, 0.6.32, 0.6.31, 0.6.30, 0.6.25, 0.6.23, 0.6.21, 0.6.18, 0.6.16
|
