CVE-2024-52616
MEDIUM5.3EPSS 0.08%Published: 11/21/2024Modified: 12/3/2025
Also known as:ALPINE-CVE-2024-52616
Description
A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.
Affected packages (2)
- Alpine/avahifrom 0, < 0.8-r21
- Debian/avahifrom 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |