14 matches found
RLSA-2026:20597 Moderate: glibc security update
The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...
gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames
...
CVE-2026-4438
Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification...
CVE-2026-25679
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...
Ubuntu 16.04 LTS / 18.04 LTS : Kea DHCP vulnerabilities (USN-7759-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7759-1 advisory. It was discovered that Kea DHCP did not correctly handle invalid hostnames. A remote attacker could possibly use this issue to cause a denial of...
USN-7759-1 isc-kea vulnerabilities
It was discovered that Kea DHCP did not correctly handle invalid hostnames. A remote attacker could possibly use this issue to cause a denial of service...
USN-7759-1: Kea DHCP vulnerabilities
It was discovered that Kea DHCP did not correctly handle invalid hostnames. A remote attacker could possibly use this issue to cause a denial of service...
A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.
...
avahi: reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames
A flaw was found in avahi. A reachable assertion is present in avahishostnameresolverstart function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is...
SUSE CVE-2021-3502
A flaw was found in avahi 0.8-5. A reachable assertion is present in avahishostnameresolverstart function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this...
Denial Of Service (DoS)
avahi is vulnerable to Denial of Service DoS attacks. A reachable assertion is present in avahishostnameresolverstart function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames...
AZL-6743 CVE-2021-22931 affecting package nodejs for versions less than 16.14.0-1
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames leading to Domain Hijacking and injection...
AZL-40943 CVE-2021-3502 affecting package avahi for versions less than 0.8-1
A flaw was found in avahi 0.8-5. A reachable assertion is present in avahishostnameresolverstart function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this...
UBUNTU-CVE-2021-3502
A flaw was found in avahi 0.8-5. A reachable assertion is present in avahishostnameresolverstart function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this...