CVE-2023-38469 - Vulnerability Details - OpenCVE

A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Avahi	Avahi
Redhat	Enterprise Linux Rhel Eus

Configuration 1 [-]

cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
avahi-0:0.7-21.el8_9.1	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7836	2023-12-14T00:00:00Z
avahi-0:0.7-21.el8_9.1	cpe:/o:redhat:enterprise_linux:8	RHSA-2023:7836	2023-12-14T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
avahi-0:0.7-20.el8_6.3	cpe:/a:redhat:rhel_eus:8.6	RHSA-2024:0418	2024-01-25T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
avahi-0:0.7-20.el8_8.4	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:0576	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9
avahi-0:0.8-20.el9	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:2433	2024-04-30T00:00:00Z
avahi-0:0.8-20.el9	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:2433	2024-04-30T00:00:00Z

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2023-38469
https://bugzilla.redhat.com/show_bug.cgi?id=2191687
https://nvd.nist.gov/vuln/detail/CVE-2023-38469
https://www.cve.org/CVERecord?id=CVE-2023-38469

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-11-02T14:49:26.283Z

Updated: 2024-08-29T14:21:27.532Z

Reserved: 2023-07-18T09:48:04.752Z

Link: CVE-2023-38469

Vulnrichment

Updated: 2024-08-02T17:39:13.526Z

NVD

Status : Modified

Published: 2023-11-02T15:15:08.167

Modified: 2024-11-21T08:13:38.563

Link: CVE-2023-38469

Redhat

Severity : Moderate

Publid Date: 2023-04-26T00:00:00Z

Links: CVE-2023-38469 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38469", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-07-18T09:48:04.752Z", "datePublished": "2023-11-02T14:49:26.283Z", "dateUpdated": "2024-08-29T14:21:27.532Z"}, "containers": {"cna": {"title": "Reachable assertion in avahi_dns_packet_append_record", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record."}], "affected": [{"product": "avahi", "vendor": "n/a", "defaultStatus": "affected"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "avahi", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "avahi", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "avahi", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "avahi", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"product": "Fedora", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "avahi", "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-38469", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191687", "name": "RHBZ#2191687", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2023-04-26T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-617", "description": "Reachable Assertion", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-617: Reachable Assertion", "timeline": [{"lang": "en", "time": "2023-04-26T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-04-26T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-11-02T14:49:26.283Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:39:13.526Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-38469", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191687", "name": "RHBZ#2191687", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-29T13:53:35.768386Z", "id": "CVE-2023-38469", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-29T14:21:27.532Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-38469", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191687", "name": "RHBZ#2191687", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:39:13.526Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38469", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-29T13:53:35.768386Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-29T14:21:22.865Z"}}], "cna": {"title": "Reachable assertion in avahi_dns_packet_append_record", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "n/a", "product": "avahi", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "avahi", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "avahi", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "avahi", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "avahi", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"vendor": "Fedora", "product": "Fedora", "packageName": "avahi", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2023-04-26T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-04-26T00:00:00+00:00", "value": "Made public."}], "datePublic": "2023-04-26T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-38469", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191687", "name": "RHBZ#2191687", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-617", "description": "Reachable Assertion"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-11-02T14:49:26.283Z"}, "x_redhatCweChain": "CWE-617: Reachable Assertion"}}, "cveMetadata": {"cveId": "CVE-2023-38469", "state": "PUBLISHED", "dateUpdated": "2024-08-29T14:21:27.532Z", "dateReserved": "2023-07-18T09:48:04.752Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2023-11-02T14:49:26.283Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*", "matchCriteriaId": "6481267F-934F-4A0C-9B25-59738E798458", "versionEndExcluding": "0.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Avahi, donde existe una afirmaci\u00f3n alcanzable en avahi_dns_packet_append_record."}], "id": "CVE-2023-38469", "lastModified": "2024-11-21T08:13:38.563", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-02T15:15:08.167", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-38469"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191687"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-38469"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191687"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-617"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:7836", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "avahi-0:0.7-21.el8_9.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-12-14T00:00:00Z"}, {"advisory": "RHSA-2023:7836", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "avahi-0:0.7-21.el8_9.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-12-14T00:00:00Z"}, {"advisory": "RHSA-2024:0418", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "avahi-0:0.7-20.el8_6.3", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-01-25T00:00:00Z"}, {"advisory": "RHSA-2024:0576", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "avahi-0:0.7-20.el8_8.4", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:2433", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "avahi-0:0.8-20.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:2433", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "avahi-0:0.8-20.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}], "bugzilla": {"description": "avahi: Reachable assertion in avahi_dns_packet_append_record", "id": "2191687", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191687"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-617", "details": ["A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.", "A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record."], "name": "CVE-2023-38469", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "avahi", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "avahi", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2023-04-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-38469\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-38469"], "threat_severity": "Moderate"}