CVE-2021-3468

A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name	Vendor	Start Version	End Version
Avahi	Avahi	0.6 (including)	0.8 (including)
Red Hat Enterprise Linux 8	RedHat	avahi-0:0.7-21.el8_9.1	*
Red Hat Enterprise Linux 8	RedHat	avahi-0:0.7-21.el8_9.1	*
Red Hat Enterprise Linux 8.6 Extended Update Support	RedHat	avahi-0:0.7-20.el8_6.3	*
Red Hat Enterprise Linux 8.8 Extended Update Support	RedHat	avahi-0:0.7-20.el8_8.4	*
Red Hat Enterprise Linux 9	RedHat	avahi-0:0.8-15.el9	*
Red Hat Enterprise Linux 9	RedHat	avahi-0:0.8-15.el9	*
Avahi	Ubuntu	bionic	*
Avahi	Ubuntu	devel	*
Avahi	Ubuntu	esm-infra-legacy/trusty	*
Avahi	Ubuntu	esm-infra/bionic	*
Avahi	Ubuntu	esm-infra/focal	*
Avahi	Ubuntu	esm-infra/xenial	*
Avahi	Ubuntu	focal	*
Avahi	Ubuntu	groovy	*
Avahi	Ubuntu	hirsute	*
Avahi	Ubuntu	impish	*
Avahi	Ubuntu	jammy	*
Avahi	Ubuntu	precise/esm	*
Avahi	Ubuntu	trusty	*
Avahi	Ubuntu	trusty/esm	*
Avahi	Ubuntu	upstream	*
Avahi	Ubuntu	xenial	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-3468
CWE	https://cwe.mitre.org/data/definitions/835.html

Loop with Unreachable Exit Condition ('Infinite Loop')

Weakness

Affected Software

References