Nixpkgs Security Tracker

Untriaged

Permalink CVE-2024-52615

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): NONE

created 6 months ago

Avahi: avahi wide-area dns uses constant source port

A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.

References

https://access.redhat.com/security/cve/CVE-2024-52615 x_refsource_REDHAT vdb-entry
RHBZ#2326418 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-52615 x_refsource_REDHAT vdb-entry
RHBZ#2326418 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-52615 x_refsource_REDHAT vdb-entry
RHBZ#2326418 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-52615 x_refsource_REDHAT vdb-entry
RHBZ#2326418 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-52615 x_refsource_REDHAT vdb-entry
RHBZ#2326418 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-52615 x_refsource_REDHAT vdb-entry
RHBZ#2326418 issue-tracking x_refsource_REDHAT
RHSA-2025:11402 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-52615 x_refsource_REDHAT vdb-entry
RHBZ#2326418 issue-tracking x_refsource_REDHAT
RHSA-2025:11402 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-52615 x_refsource_REDHAT vdb-entry
RHBZ#2326418 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-52615 x_refsource_REDHAT vdb-entry
RHBZ#2326418 issue-tracking x_refsource_REDHAT
RHSA-2025:11402 x_refsource_REDHAT vendor-advisory
RHSA-2025:16441 x_refsource_REDHAT vendor-advisory
RHSA-2025:11402 x_refsource_REDHAT vendor-advisory
RHSA-2025:16441 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-52615 x_refsource_REDHAT vdb-entry
RHBZ#2326418 issue-tracking x_refsource_REDHAT

Affected products

avahi

<0.9
*

rhcos

Matching in nixpkgs

pkgs.avahi

mDNS/DNS-SD implementation

nixos-unstable -
- nixpkgs-unstable 0.8

pkgs.guile-avahi

Bindings to Avahi for GNU Guile

nixos-unstable -
- nixpkgs-unstable 0.4.1

pkgs.avahi-compat

mDNS/DNS-SD implementation

nixos-unstable -
- nixpkgs-unstable 0.8

pkgs.haskellPackages.avahi

Minimal DBus bindings for Avahi daemon (http://avahi.org)

nixos-unstable -
- nixpkgs-unstable 0.2.0

pkgs.python312Packages.avahi

mDNS/DNS-SD implementation

nixos-unstable -
- nixpkgs-unstable 0.8

pkgs.python313Packages.avahi

mDNS/DNS-SD implementation

nixos-unstable -
- nixpkgs-unstable 0.8

Package maintainers

@lovek323 Jason O'Conal <jason@oconal.id.au>
@globin Robin Gloster <mail@glob.in>
@foo-dogsquared Gabriel Arazas <foodogsquared@foodogsquared.one>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.avahi

pkgs.guile-avahi

pkgs.avahi-compat

pkgs.haskellPackages.avahi

pkgs.python312Packages.avahi

pkgs.python313Packages.avahi

Package maintainers