Home > Vulnerability Database > CVE-2021-3468

Mend.io Vulnerability Database

CVE-2021-3468

Date: June 2, 2021

A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.

Language: C

Severity Score

5.5

Related Resources (11)

Url: https://security.archlinux.org/CVE-2021-3468

Url: https://security-tracker.debian.org/tracker/CVE-2021-3468

Url: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3468

Url: https://lists.debian.org/debian-lts-announce/2023/06/msg00028.html

Url: https://security.alpinelinux.org/vuln/CVE-2021-3468

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1939614

Url: https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-3468

Url: https://access.redhat.com/security/cve/CVE-2021-3468

Url: https://www.mend.io/vulnerability-database/CVE-2021-3468

Severity Score

5.5

Weakness Type (CWE)

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-3468

Date: June 2, 2021

Language: C

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?