Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2024-52615

CVE-2024-52615

MEDIUM5.3

Avahi: avahi wide-area dns uses constant source port

Published Nov 21, 2024

Modified 2 months ago

Details

A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.

References

ADVISORYhttps://access.redhat.com/errata/RHSA-2025:11402 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:16441 WEBhttps://access.redhat.com/security/cve/CVE-2024-52615 WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2326418 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2024-52615

CVSS Analysis

CVSS v3.1

5.3

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

LowI:L

Availability

NoneA:N

5.3/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Weakness Type (CWE)

Cryptography

Insufficient Randomness

Ecosystems

Timeline

PublishedNov 21, 2024

ModifiedNov 11, 2025

CVE-2024-52615 | Mondoo Vulnerability Intelligence