ROSA LABROSA-SA-2023-2243Advisory ROSA-SA-2023-2243
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.7 Medium
AI Score
Confidence
Low
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
5.3%
Software: avahi 0.7
OS: ROSA Virtualization 2.1
package_evr_string: avahi-0.7-19.0.1.rv3
CVE-ID: CVE-2021-3468
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A bug was discovered in avahi in versions 0.6 through 0.8. The event used to signal the termination of a client connection in the avahi Unix socket is mishandled in the client_work function, allowing a local attacker to run an infinite loop. The biggest threat from this vulnerability is the availability of the avahi service, which stops responding to requests after this vulnerability is triggered.
CVE-STATUS: Fixed
CVE-REV: To close, execute the yum update avahi command
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.7 Medium
AI Score
Confidence
Low
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
5.3%