Wind River Support Network

HomeDefectsLIN1023-9267
Fixed

LIN1023-9267 : Security Advisory - avahi - CVE-2024-52616

Created: Nov 17, 2024    Updated: Feb 7, 2025
Resolved Date: Feb 7, 2025
Found In Version: 10.23.30.1
Fix Version: 10.23.30.15
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Userspace

Description

A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

https://nvd.nist.gov/vuln/detail/CVE-2024-52616

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube