Link Following Affecting avahi package, versions *



    Attack Complexity Low
    Confidentiality High
    Integrity High
    Availability High

    Threat Intelligence

    EPSS 0.04% (6th percentile)
Expand this section
7.8 high
Expand this section
7.8 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-UBUNTU1804-AVAHI-1076778
  • published 19 Feb 2021
  • disclosed 17 Feb 2021

How to fix?

There is no fixed version for Ubuntu:18.04 avahi.

NVD Description

Note: Versions mentioned in the description apply only to the upstream avahi package and not the avahi package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status. in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.