Suggestions search

All statuses

Filter by:

With package: guile-avahi

Found 3 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-34933

5.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 2 weeks ago

Avahi: Reachable assertion in `transport_flags_from_domain()` via conflicting publish flags crashes avahi-daemon

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version 0.9-rc4.

References

https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc x_refsource_CONFIRM
https://github.com/avahi/avahi/pull/891 x_refsource_MISC
https://github.com/avahi/avahi/commit/625ca0fac19229f6dfa3a6c6b698ae657187e50c x_refsource_MISC

Affected products

avahi

==< 0.9-rc4

Matching in nixpkgs

pkgs.avahi

mDNS/DNS-SD implementation

nixos-unstable 0.8
- nixpkgs-unstable 0.8
- nixos-unstable-small 0.8
nixos-25.11 0.8
- nixos-25.11-small 0.8
- nixpkgs-25.11-darwin 0.8

pkgs.guile-avahi

Bindings to Avahi for GNU Guile

nixos-unstable 0.4.1
- nixpkgs-unstable 0.4.1
- nixos-unstable-small 0.4.1
nixos-25.11 0.4.1
- nixos-25.11-small 0.4.1
- nixpkgs-25.11-darwin 0.4.1

pkgs.avahi-compat

mDNS/DNS-SD implementation

nixos-unstable 0.8
- nixpkgs-unstable 0.8
- nixos-unstable-small 0.8
nixos-25.11 0.8
- nixos-25.11-small 0.8
- nixpkgs-25.11-darwin 0.8

pkgs.haskellPackages.avahi

Minimal DBus bindings for Avahi daemon (http://avahi.org)

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.11 0.2.0
- nixos-25.11-small 0.2.0
- nixpkgs-25.11-darwin 0.2.0

pkgs.python312Packages.avahi

mDNS/DNS-SD implementation

nixos-25.11 0.8
- nixos-25.11-small 0.8
- nixpkgs-25.11-darwin 0.8

pkgs.python313Packages.avahi

mDNS/DNS-SD implementation

nixos-unstable 0.8
- nixpkgs-unstable 0.8
- nixos-unstable-small 0.8
nixos-25.11 0.8
- nixos-25.11-small 0.8
- nixpkgs-25.11-darwin 0.8

pkgs.python314Packages.avahi

mDNS/DNS-SD implementation

nixos-unstable 0.8
- nixpkgs-unstable 0.8
- nixos-unstable-small 0.8

Package maintainers

@lovek323 Jason O'Conal <jason@oconal.id.au>
@globin Robin Gloster <mail@glob.in>
@foo-dogsquared Gabriel Arazas <foodogsquared@foodogsquared.one>

Untriaged

Permalink CVE-2024-52616

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): NONE

created 2 months, 2 weeks ago

Avahi: avahi wide-area dns predictable transaction ids

A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

References

https://access.redhat.com/security/cve/CVE-2024-52616 vdb-entryx_refsource_REDHAT
RHBZ#2326429 issue-trackingx_refsource_REDHAT
RHSA-2025:7437 vendor-advisoryx_refsource_REDHAT

Affected products

avahi

*
<0.9

rhcos

Matching in nixpkgs

pkgs.avahi

mDNS/DNS-SD implementation

nixos-unstable 0.8
- nixpkgs-unstable 0.8
- nixos-unstable-small 0.8
nixos-25.11 0.8
- nixpkgs-25.11-darwin 0.8

pkgs.guile-avahi

Bindings to Avahi for GNU Guile

nixos-unstable 0.4.1
- nixpkgs-unstable 0.4.1
- nixos-unstable-small 0.4.1
nixos-25.11 0.4.1
- nixpkgs-25.11-darwin 0.4.1

pkgs.avahi-compat

mDNS/DNS-SD implementation

nixos-unstable 0.8
- nixpkgs-unstable 0.8
- nixos-unstable-small 0.8
nixos-25.11 0.8
- nixpkgs-25.11-darwin 0.8

pkgs.haskellPackages.avahi

Minimal DBus bindings for Avahi daemon (http://avahi.org)

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.11 0.2.0
- nixpkgs-25.11-darwin 0.2.0

pkgs.python312Packages.avahi

mDNS/DNS-SD implementation

nixos-unstable 0.8
- nixpkgs-unstable 0.8
- nixos-unstable-small 0.8
nixos-25.11 0.8
- nixpkgs-25.11-darwin 0.8

pkgs.python313Packages.avahi

mDNS/DNS-SD implementation

nixos-unstable 0.8
- nixpkgs-unstable 0.8
- nixos-unstable-small 0.8
nixos-25.11 0.8
- nixpkgs-25.11-darwin 0.8

Package maintainers

@globin Robin Gloster <mail@glob.in>
@lovek323 Jason O'Conal <jason@oconal.id.au>
@foo-dogsquared Gabriel Arazas <foodogsquared@foodogsquared.one>

Untriaged

Permalink CVE-2026-24401

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 2 months, 3 weeks ago

Avahi has Uncontrolled Recursion in lookup_handle_cname function

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record, where the alias and canonical name point to the same domain (e.g., "h.local" as a CNAME for "h.local"). This causes unbounded recursion in the lookup_handle_cname function, leading to stack exhaustion. The vulnerability affects record browsers where AVAHI_LOOKUP_USE_MULTICAST is set explicitly, which includes record browsers created by resolvers used by nss-mdns. This issue is patched in commit 78eab31128479f06e30beb8c1cbf99dd921e2524.