CVE-2024-52615

Summary

A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.

Affected Software

VendorProductVersion RangeStatus
0 < 0.9affected
Red HatRed Hat Enterprise Linux 100:0.9~rc2-1.el10_0.1 < *unaffected
Red HatRed Hat Enterprise Linux 90:0.8-22.el9_6.1 < *unaffected
Red HatRed Hat Enterprise Linux 90:0.8-22.el9_6.1 < *unaffected

Weaknesses

  • CWE-330: Use of Insufficiently Random Values

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References