CVE-2023-38472
medium
CVSS v3
β
CVSS v4 NEW
β
VIR risk
5.5
Description
RHSA-2023:7836: avahi security update (Moderate)
Predictions
Exploit likelihood
20%
Patch ETA
β
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Source: Red Hat Errata β Red Hat Inc. Β· View original β Β· Open-Errata-API
Description avahi: Reachable assertion in avahi_rdata_parse CVSS v3: 6.2 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8avahi-0:0.7-21.el8_9.1RHSA-2023:78362023-12-14T00:00:00Z Red Hat Enterprise Linux 8avahi-0:0.7-21.el8_9.1RHSA-2023:78362023-12-14T00:00:00Z Red Hat Enterprise Linux 8.6 Extended Updateβ¦
Description
avahi: Reachable assertion in avahi_rdata_parse
CVSS v3: 6.2 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | avahi-0:0.7-21.el8_9.1 | RHSA-2023:7836 | 2023-12-14T00:00:00Z |
| Red Hat Enterprise Linux 8 | avahi-0:0.7-21.el8_9.1 | RHSA-2023:7836 | 2023-12-14T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Extended Update Support | avahi-0:0.7-20.el8_6.3 | RHSA-2024:0418 | 2024-01-25T00:00:00Z |
| Red Hat Enterprise Linux 8.8 Extended Update Support | avahi-0:0.7-20.el8_8.4 | RHSA-2024:0576 | 2024-01-30T00:00:00Z |
| Red Hat Enterprise Linux 9 | avahi-0:0.8-20.el9 | RHSA-2024:2433 | 2024-04-30T00:00:00Z |
| Red Hat Enterprise Linux 9 | avahi-0:0.8-20.el9 | RHSA-2024:2433 | 2024-04-30T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | avahi | Out of support scope |
| Red Hat Enterprise Linux 7 | avahi | Out of support scope |
Apply commands
Apply RHSA-2023:7836 for Red Hat Enterprise Linux 8
yum update -y avahi
# or:
dnf upgrade -y avahiOS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| β | Affected | β |
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | avahi-0.7-21.el8_9.1.i686.rpm |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 0.8-14 |
| sid | Fixed | 0.8-14 |
| forky | Fixed | 0.8-14 |
| bullseye | Fixed | 0.8-5+deb11u3 |
| bookworm | Fixed | 0.8-10+deb12u1 |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | β |
| 8 | Fixed | β |
Rocky Linux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | β |
References
- https://access.redhat.com/errata/RHSA-2024:2433
- https://security-tracker.debian.org/tracker/CVE-2023-38472
- https://errata.rockylinux.org/RLSA-2023:7836
- https://www.suse.com/security/cve/CVE-2023-38472.html
- https://bugzilla.redhat.com/2191687
- https://bugzilla.redhat.com/2191690
- https://bugzilla.redhat.com/2191691
- https://bugzilla.redhat.com/2191692
- https://bugzilla.redhat.com/2191694
- https://errata.almalinux.org/9/ALSA-2024-2433.html
- https://access.redhat.com/errata/RHSA-2023:7836
- https://bugzilla.redhat.com/1939614
- https://errata.almalinux.org/8/ALSA-2023-7836.html
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.