search

Chiencc / asuswrt-gt-ac5300

asuswrt-gt-ac5300
Other
0 stars 0 forks source link

avahiv0.8: 3 vulnerabilities (highest severity is: 5.5) - autoclosed #90

Closed mend-for-github-com[bot] closed 1 year ago

mend-for-github-com[bot] commented 1 year ago
Vulnerable Library - avahiv0.8

Avahi - Service Discovery for Linux using mDNS/DNS-SD -- compatible with Bonjour

Library home page: https://github.com/lathiat/avahi.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Vulnerable Source Files (2)

/release/src/router/avahi/avahi-daemon/simple-protocol.c /release/src/router/avahi/avahi-daemon/simple-protocol.c

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (avahiv0.8 version) Remediation Available
CVE-2021-3468 Medium 5.5 avahiv0.8 Direct N/A
CVE-2021-3502 Medium 5.5 avahiv0.8 Direct N/A
CVE-2023-1981 Medium 5.5 avahiv0.8 Direct N/A

Details

CVE-2021-3468 ### Vulnerable Library - avahiv0.8

Avahi - Service Discovery for Linux using mDNS/DNS-SD -- compatible with Bonjour

Library home page: https://github.com/lathiat/avahi.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src/router/avahi/avahi-daemon/simple-protocol.c /release/src/router/avahi/avahi-daemon/simple-protocol.c

### Vulnerability Details

A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.

Publish Date: 2021-06-02

URL: CVE-2021-3468

### CVSS 3 Score Details (5.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

CVE-2021-3502 ### Vulnerable Library - avahiv0.8

Avahi - Service Discovery for Linux using mDNS/DNS-SD -- compatible with Bonjour

Library home page: https://github.com/lathiat/avahi.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/avahi/avahi-core/resolve-host-name.c /release/src/router/avahi/avahi-core/resolve-host-name.c /release/src/router/avahi/avahi-core/resolve-host-name.c

### Vulnerability Details

A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.

Publish Date: 2021-05-07

URL: CVE-2021-3502

### CVSS 3 Score Details (5.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

CVE-2023-1981 ### Vulnerable Library - avahiv0.8

Avahi - Service Discovery for Linux using mDNS/DNS-SD -- compatible with Bonjour

Library home page: https://github.com/lathiat/avahi.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/avahi/avahi-daemon/dbus-protocol.c /release/src/router/avahi/avahi-daemon/dbus-protocol.c /release/src/router/avahi/avahi-daemon/dbus-protocol.c

### Vulnerability Details

A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.

Publish Date: 2023-05-26

URL: CVE-2023-1981

### CVSS 3 Score Details (5.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

mend-for-github-com[bot] commented 1 year ago

:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #91

mend-for-github-com[bot] commented 1 year ago

:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #91