CVE-2024-52616

Nov. 21, 2024, 9:15 p.m.

5.3
Medium

Description

A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

Product(s) Impacted

Product Versions
Avahi-daemon

Weaknesses

CWE-334
Small Space of Random Values
The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.

References

https://access.redhat.com/security/cve/CVE-2024-52616
https://bugzilla.redhat.com/show_bug.cgi?id=2326429

Tags

secalert@redhat.com
2024-11-21
CVE-2024-52616
CWE-334

CVSS Score

5.3 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: LOW
  • Availability Impact: NONE
    • View Vector String

    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Date

  • Published: Nov. 21, 2024, 9:15 p.m.
  • Last Modified: Nov. 21, 2024, 9:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secalert@redhat.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.