{"id":"CVE-2025-68471","summary":"Avahi has a reachable assertion in lookup_start","details":"Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart.","aliases":["GHSA-56rf-42xr-qmmg"],"modified":"2026-04-16T04:31:19.456418894Z","published":"2026-01-12T17:39:57.416Z","related":["CGA-v7jq-4wr6-fgjm","SUSE-SU-2026:0143-1","SUSE-SU-2026:0259-1","SUSE-SU-2026:0422-1","SUSE-SU-2026:0577-1","SUSE-SU-2026:20145-1","SUSE-SU-2026:20167-1","SUSE-SU-2026:20525-1","openSUSE-SU-2026:10052-1","openSUSE-SU-2026:20110-1"],"database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-617"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68471.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68471.json"},{"type":"ADVISORY","url":"https://github.com/avahi/avahi/security/advisories/GHSA-56rf-42xr-qmmg"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68471"},{"type":"REPORT","url":"https://github.com/avahi/avahi/issues/678"},{"type":"FIX","url":"https://github.com/avahi/avahi/commit/9c6eb53bf2e290aed84b1f207e3ce35c54cc0aa1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/avahi/avahi","events":[{"introduced":"0"},{"fixed":"9c6eb53bf2e290aed84b1f207e3ce35c54cc0aa1"}]}],"versions":["0.6.32-rc","v0.6.23","v0.6.24","v0.6.25","v0.6.26","v0.6.27","v0.6.28","v0.6.29","v0.6.30","v0.6.31","v0.6.32","v0.7","v0.8","v0.9-rc1","v0.9-rc2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68471.json","vanir_signatures":[{"signature_type":"Function","id":"CVE-2025-68471-8b800984","digest":{"function_hash":"285681115689231934736972820592826652179","length":761},"target":{"function":"lookup_start","file":"avahi-core/browse.c"},"signature_version":"v1","deprecated":false,"source":"https://github.com/avahi/avahi/commit/9c6eb53bf2e290aed84b1f207e3ce35c54cc0aa1"},{"target":{"file":"avahi-core/browse.c"},"source":"https://github.com/avahi/avahi/commit/9c6eb53bf2e290aed84b1f207e3ce35c54cc0aa1","digest":{"threshold":0.9,"line_hashes":["131477049406147028042511519061365218720","69024678338108153641727758570983173709","91183894014825058501342759438232662511","263085132819081757133558578820548525645"]},"signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2025-68471-94d1d7b8"}],"vanir_signatures_modified":"2026-04-12T19:16:14Z"}},{"ranges":[{"type":"GIT","repo":"https://github.com/lathiat/avahi","events":[{"introduced":"0"},{"last_affected":"8ee3bd6f7921b489bde14f120187a5becf134d30"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.9-rc1"}]}}],"versions":["0.6.32-rc","v0.6.23","v0.6.24","v0.6.25","v0.6.26","v0.6.27","v0.6.28","v0.6.29","v0.6.30","v0.6.31","v0.6.32","v0.7","v0.8","v0.9-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68471.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}