CVE-2025-68471

Source
https://cve.org/CVERecord?id=CVE-2025-68471
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68471.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-68471
Aliases
  • GHSA-56rf-42xr-qmmg
Downstream
Related
Published
2026-01-12T17:39:57.416Z
Modified
2026-07-15T01:49:08.979522381Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Avahi has a reachable assertion in lookup_start
Details

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-617"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68471.json"
}
References

Affected packages

Git / github.com/avahi/avahi

Affected ranges

Type
GIT
Repo
https://github.com/avahi/avahi
Events
Database specific
{
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:avahi:avahi:0.9:rc1:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0.9-rc1"
        },
        {
            "last_affected": "0.9-rc1"
        }
    ]
}

Affected versions

0.*
0.9-rc1
v0.*
v0.9-rc1
v0.9-rc2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68471.json"