Avahi: Reachable assertion in `transport_flags_from_domain()` via conflicting publish flags crashes avahi-daemon

Description

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version 0.9-rc4.

Affected Products

Vendor	Product	Versions
avahi	avahi-daemon	< 0.9-rc4

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
open source	avahi	cert_advisory	90%

References

https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc(x_refsource_CONFIRM)
https://github.com/avahi/avahi/pull/891(x_refsource_MISC)
https://github.com/avahi/avahi/commit/625ca0fac19229f6dfa3a6c6b698ae657187e50c(x_refsource_MISC)

Related News (4 articles)

Tier C

oss-security2h ago

Avahi: Reachable assertion in transport_flags_from_domain (CVE-2026-34933)

→ No new info (linked only)

Tier A

Microsoft MSRC2d ago

CVE-2026-34933 Avahi: Reachable assertion in `transport_flags_from_domain()` via conflicting publish flags crashes avahi-daemon

→ No new info (linked only)

Tier B

BSI Advisories4d ago

[NEU] [mittel] avahi: Schwachstelle ermöglicht Denial of Service

→ No new info (linked only)

Tier C

VulDB7d ago

CVE-2026-34933 | Avahi up to 0.9-rc3 mDNS/DNS-SD assertion (GHSA-w65r-6gxh-vhvc)

Avahi: Reachable assertion in `transport_flags_from_domain()` via conflicting publish flags crashes avahi-daemon

Description

Affected Products

Also Affects

References

Related News (4 articles)

Community Vote

Related CVEs (4)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History