CVE-2024-52616

Avahi: avahi wide-area dns predictable transaction ids

CVSS 5.3 MEDIUMEPSS 0.7%CWE-334

In short

Avahi-daemon uses predictable DNS transaction IDs that are only randomized once at startup and then incremented sequentially, making it easy for attackers to guess them and spoof DNS responses.

Technical detail

Avahi-daemon initializes DNS transaction IDs with a single random value at startup, then increments them sequentially for subsequent queries. This predictable pattern allows attackers to forge DNS replies by guessing the transaction ID, enabling DNS spoofing attacks without requiring network sniffing or advanced techniques.

Summary generated and translated by AI from the official description.

A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected products

avahiRed Hat · Red Hat Enterprise Linux 7 Red Hat · Red Hat Enterprise Linux 8 Red Hat · Red Hat Enterprise Linux 9 Red Hat · Red Hat In-Vehicle Operating System 1 Red Hat · Red Hat OpenShift Container Platform 4

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/errata/RHSA-2025:7437 https://access.redhat.com/security/cve/CVE-2024-52616 https://bugzilla.redhat.com/show_bug.cgi?id=2326429 https://github.com/avahi/avahi/pull/577