Hi,
On Sat, Mar 27, 2021 at 08:29:36PM +0100, Salvatore Bonaccorso wrote:
> Control: forwarded -1 https://github.com/lathiat/avahi/pull/330
> Control: retitle -1 avahi: CVE-2021-3468: local DoS by event-busy-loop from
> writing long lines to /run/avahi-daemon/socket
>
> On Fri, Mar 26, 2021 at
Control: forwarded -1 https://github.com/lathiat/avahi/pull/330
Control: retitle -1 avahi: CVE-2021-3468: local DoS by event-busy-loop from
writing long lines to /run/avahi-daemon/socket
On Fri, Mar 26, 2021 at 12:22:29PM +0100, Riccardo Schirone wrote:
> I have requested a CVE through Red Hat.
I have requested a CVE through Red Hat.
I'm proposing a patch upstream[1].
Additional details about the flaw at [2].
[1] https://github.com/lathiat/avahi/pull/330
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1939614#c3
Thanks,
--
Riccardo Schirone
Red Hat -- Product Security
Email:
Package: avahi-daemon
Version: 0.7-4+b1
Severity: important
Tags: security
Dear Maintainers,
I found a local denial-of-service vulnerability in avahi-daemon. It can
be triggered by writing long lines to /run/avahi-daemon/socket and
results in an unresponsive busy-loop of the daemon.
Steps to
4 matches
Mail list logo