CVE-2021-3502 | Date: (C)2021-05-07 (M)2024-01-04 |
A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V3 Severity: | CVSS V2 Severity: |
CVSS Score : 5.5 | CVSS Score : 2.1 |
Exploit Score: 1.8 | Exploit Score: 3.9 |
Impact Score: 3.6 | Impact Score: 2.9 |
|
CVSS V3 Metrics: | CVSS V2 Metrics: |
Attack Vector: LOCAL | Access Vector: LOCAL |
Attack Complexity: LOW | Access Complexity: LOW |
Privileges Required: LOW | Authentication: NONE |
User Interaction: NONE | Confidentiality: NONE |
Scope: UNCHANGED | Integrity: NONE |
Confidentiality: NONE | Availability: PARTIAL |
Integrity: NONE | |
Availability: HIGH | |
| |