Hi,

On Sat, Mar 27, 2021 at 11:48:08PM +0100, Thomas Kremer wrote:
> Package: avahi-daemon
> Version: 0.8-5
> Severity: important
> Tags: security
> Control: notfound -1 0.7-4+b1
>
> Dear Maintainers,
>
> I found another local denial-of-service vulnerability in avahi-daemon.
> It can be triggered by trying to resolve badly-formatted hostnames on
> the /run/avahi-daemon/socket interface (I stumbled upon it, accidentally
> trying to resolve an IP as a hostname...)
> This time the daemon just dies, and this time buster is not affected.
>
> Steps to reproduce:
> $ (echo "RESOLVE-HOSTNAME a"; sleep 3;) | socat - /run/avahi-daemon/socket
> $ ps -FC avahi-daemon
>
> Same results for these queries: "a.", ".a", "a..b", ".b.c", "a.b.."
>
> Note that every local user has access to the socket.

This is now CVE-2021-3502. Have you reported the issue to upstream?

Regards,
Salvatore

