Vulnerabilities > CVE-2024-52616

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

CWE-334

NVD

Published: 2024-11-21

Updated: 2024-11-21

Summary

A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

Common Weakness Enumeration (CWE)

CWE-334 - Small Space of Random Values

References

https://access.redhat.com/security/cve/CVE-2024-52616
https://bugzilla.redhat.com/show_bug.cgi?id=2326429

Vulnerabilities > CVE-2024-52616 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2024-52616"}]}

Summary

Common Weakness Enumeration (CWE)

References

Vulnerabilities > CVE-2024-52616