CVE-2024-52616

Published Nov 21, 2024

Last updated 3 months ago

CVSS medium 5.3

Overview

Description
A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.
Source
secalert@redhat.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
5.3
Impact score
1.4
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Severity
MEDIUM

Weaknesses

secalert@redhat.com
CWE-334

Social media

Hype score
Not currently trending

  1. CVE-2024-52616 A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predicta… https://t.co/EBqFyKumX2

    @CVEnew

    21 Nov 2024

    568 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References