CVE-2024-52616
CVSS 3.1: 5.3 (MEDIUM)
EPSS: 0.08%
Description
A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.
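The check below is an added example, not Avahi code and not part of the original advisory. It models the ID behaviour described above next to a per-query random draw, and measures how sequential a list of observed transaction IDs is. The class and function names, the threshold values and the sample capture are assumptions constructed for illustration.

```python
import secrets

ID_SPACE = 1 << 16  # DNS transaction IDs are 16-bit


class SequentialIds:
    """Model of the described behaviour: random seed once, then +1 per query."""

    def __init__(self):
        self._next = secrets.randbelow(ID_SPACE)

    def next_id(self):
        current = self._next
        self._next = (self._next + 1) % ID_SPACE
        return current


class RandomIds:
    """Comparison case (assumed hardening): a fresh CSPRNG draw for every query."""

    def next_id(self):
        return secrets.randbelow(ID_SPACE)


def sequential_fraction(ids):
    """Fraction of consecutive ID pairs that differ by exactly +1 (mod 2^16)."""
    if len(ids) < 2:
        return 0.0
    steps = sum(1 for a, b in zip(ids, ids[1:]) if (b - a) % ID_SPACE == 1)
    return steps / (len(ids) - 1)


def looks_predictable(ids, threshold=0.5, min_samples=8):
    """Flag a resolver whose observed IDs are mostly sequential."""
    return len(ids) >= min_samples and sequential_fraction(ids) >= threshold


# Constructed sample: IDs as read from a capture of outgoing queries,
# including the wrap-around from 0xFFFF to 0x0000.
CONSTRUCTED_CAPTURE = [0xFFFC, 0xFFFD, 0xFFFE, 0xFFFF, 0x0000, 0x0001, 0x0002, 0x0003]

if __name__ == "__main__":
    for name, gen in (("sequential", SequentialIds()), ("random", RandomIds())):
        ids = [gen.next_id() for _ in range(64)]
        print(name, round(sequential_fraction(ids), 3), looks_predictable(ids))
    print("capture", looks_predictable(CONSTRUCTED_CAPTURE))
```

Run against IDs extracted from your own resolver's outgoing queries, a fraction near 1.0 indicates the sequential behaviour; the threshold below 1.0 tolerates queries missing from the capture.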
How to fix CVE-2024-52616
To remediate CVE-2024-52616, upgrade the affected package to a fixed version below.
- Alpine/avahi—upgrade to 0.8-r21 or later
- —no fix listed
Is CVE-2024-52616 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.8-r21
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |