CVE-2021-3502

{"id": "CVE-2021-3502", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2021-05-07T12:15:07.267", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946914", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/lathiat/avahi/issues/338", "tags": ["Exploit", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-617"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en avahi versi\u00f3n 0.8-5. Una aserci\u00f3n alcanzable est\u00e1 presente en la funci\u00f3n avahi_s_host_name_resolver_start que permite a un atacante local bloquear el servicio avahi requiriendo resoluciones de nombre de host a trav\u00e9s del socket avahi o m\u00e9todos dbus para nombres de host no v\u00e1lidos. La mayor amenaza de esta vulnerabilidad es la disponibilidad del servicio"}], "lastModified": "2023-11-07T03:38:03.217", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:avahi:avahi:0.8-5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EAEC835-CEC0-4E0E-8D58-0455FC7EA42B"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}