Vulnerability Database

310,379

Total vulnerabilities in the database

CVE-2021-3502

A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.

Published: May 7, 2021
Updated: Nov 16, 2025
CVE: CVE-2021-3502
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-476
CWE-617

Affected Software
References

Software	From	Fixed in
avahi / avahi	0.8-5	0.8-5.x

https://bugzilla.redhat.com/show_bug.cgi?id=1946914
https://github.com/lathiat/avahi/issues/338

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo