| CVE-2025-68471 |
|
Medium |
Jan 12, 2026 |
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can b
more...
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart.
less...
|
0.8, 0.7, 0.6.32, 0.6.31, 0.6.30, 0.6.25, 0.6.23, 0.6.21, 0.6.18, 0.6.16
|
| CVE-2025-68468 |
|
Medium |
Jan 12, 2026 |
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can b
more...
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they expire avahi-daemon crashes.
less...
|
0.8, 0.7, 0.6.32, 0.6.31, 0.6.30, 0.6.25, 0.6.23, 0.6.21, 0.6.18, 0.6.16
|
| CVE-2025-68276 |
|
Medium |
Jan 12, 2026 |
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged lo
more...
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can crash avahi-daemon (with wide-area disabled) by creating record browsers with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus. This can be done by either calling
the RecordBrowserNew method directly or creating hostname/address/service resolvers/browsers that create those browsers internally themselves.
less...
|
0.8, 0.7, 0.6.32, 0.6.31, 0.6.30, 0.6.25, 0.6.23, 0.6.21, 0.6.18, 0.6.16
|
| CVE-2025-59529 |
BDSA-2025-73404 |
Medium |
Dec 18, 2025 |
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, t
more...
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although `CLIENTS_MAX` is defined, `server_work()` unconditionally `accept()`s and `client_new()` always appends the new client and increments `n_clients`. There is no check against the limit. When client cannot be accepted as a result of maximal socket number of avahi-daemon, it logs unconditionally error per each connection. Unprivileged local users can exhaust daemon memory and file descriptors, causing a denial of service system-wide for mDNS/DNS-SD. Exhausting local file descriptors causes increased system load caused by logging errors of each of request. Overloading prevents glibc calls using nss-mdns plugins to resolve `*.local.` names and link-local addresses. As of time of publication, no known patched versions are available, but a candidate fix is available in pull request 808, and some workarounds are available. Simple clients are offered for nss-mdns package functionality. It is not possible to disable the unix socket `/run/avahi-daemon/socket`, but resolution requests received via DBus are not affected directly. Tools avahi-resolve, avahi-resolve-address and avahi-resolve-host-name are not affected, they use DBus interface. It is possible to change permissions of unix socket after avahi-daemon is started. But avahi-daemon does not provide any configuration for it. Additional access restrictions like SELinux can also prevent unwanted tools to access the socket and keep resolution working for trusted users.
less...
|
0.8, 0.7, 0.6.32, 0.6.31, 0.6.30, 0.6.25, 0.6.23, 0.6.21, 0.6.18, 0.6.16
|
| CVE-2023-38473 |
BDSA-2023-2707 |
Medium |
Nov 02, 2023 |
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.
less...
|
0.8, 0.7, 0.6.32, 0.6.31, 0.6.30, 0.6.25, 0.6.23, 0.6.21, 0.6.18, 0.6.16
|
| CVE-2023-38472 |
BDSA-2023-2706 |
Medium |
Nov 02, 2023 |
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
less...
|
0.8, 0.7, 0.6.32, 0.6.31, 0.6.30, 0.6.25, 0.6.23, 0.6.21, 0.6.18, 0.6.16
|
| CVE-2023-38471 |
BDSA-2023-2705 |
Medium |
Nov 02, 2023 |
A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.
A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.
less...
|
0.8, 0.7, 0.6.32, 0.6.31, 0.6.30, 0.6.25, 0.6.23, 0.6.21, 0.6.18, 0.6.16
|
| CVE-2023-38470 |
BDSA-2023-2704 |
Medium |
Nov 02, 2023 |
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.
less...
|
0.8, 0.7, 0.6.32, 0.6.31, 0.6.30, 0.6.25, 0.6.23, 0.6.21, 0.6.18, 0.6.16
|
| CVE-2023-38469 |
BDSA-2023-2703 |
Medium |
Nov 02, 2023 |
A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.
A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.
less...
|
0.8, 0.7, 0.6.32, 0.6.31, 0.6.30, 0.6.25, 0.6.23, 0.6.21, 0.6.18, 0.6.16
|
| CVE-2023-1981 |
BDSA-2022-4142 |
Medium |
May 26, 2023 |
A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.
A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.
less...
|
0.8, 0.7, 0.6.31, 0.6.25
|
