CVE-2024-52615 — Use of Insufficiently Random Values in Avahi

CWE-330 — Use of Insufficiently Random Values4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 79.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Avahi

Timeline

PublishedNov 21

Description

A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶debiandebian/avahi

🔴Vulnerability Details

OSV

CVE-2024-52615: A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries↗2024-11-21

▶

📋Vendor Advisories

Red Hat

avahi: Avahi Wide-Area DNS Uses Constant Source Port↗2024-11-15

▶

Debian

CVE-2024-52615: avahi - A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-ar...↗2024

▶