GHSA-4475-5jrv-wv6j on CTRL-OS 24.05

Packages: avahi

Status: Blocked

CVE Information

When unsolicited announcements with the following PTR resource records are received:

        _services._dns-sd._udp.local: type PTR, class IN, _wat._udp.local
            Name: _services._dns-sd._udp.local
            Type: PTR (domain name PoinTeR) (12)
            .000 0000 0000 0001 = Class: IN (0x0001)
            0... .... .... .... = Cache flush: False
            Time to live: 4500 (1 hour, 15 minutes)
            Data length: 17
            Domain Name: _wat._udp.local
        _wat._udp.local: type PTR, class IN, Q._woot._tcp.local
            Name: _wat._udp.local
            Type: PTR (domain name PoinTeR) (12)
            .000 0000 0000 0001 = Class: IN (0x0001)
            0... .... .... .... = Cache flush: False
            Time to live: 4500 (1 hour, 15 minutes)
            Data length: 20
            Domain Name: Q._woot._tcp.local

avahi-discover-standalone crashes with:
**
ERROR:main.c:149:service_browser_callback: assertion failed: (s->service_type)
Bail out! ERROR:main.c:149:service_browser_callback: assertion failed: (s->service_type)

#0  0x00007ffff6a9e114 in __pthread_kill_implementation () at /lib64/libc.so.6
#1  0x00007ffff6a44f9e in raise () at /lib64/libc.so.6
#2  0x00007ffff6a2c942 in abort () at /lib64/libc.so.6
#3  0x00007ffff6d3614c in g_assertion_message[cold] () at /lib64/libglib-2.0.so.0
#4  0x00007ffff6da58c7 in g_assertion_message_expr () at /lib64/libglib-2.0.so.0
#5  0x00000000004e58b6 in service_browser_callback
    (b=0x506000191c00, interface=3, protocol=0, event=AVAHI_BROWSER_NEW, service_name=0x7ffff430c020 "Q", service_type=0x7ffff430c080 "_woot._tcp", domain_name=0x7ffff430c500 "local", flags=(AVAHI_LOOKUP_RESULT_CACHED | AVAHI_LOOKUP_RESULT_MULTICAST), userdata=0x0) at main.c:149
#6  0x00007ffff7cae469 in record_browser_callback
    (rr=0x50b0000859b0, interface=3, protocol=0, event=AVAHI_BROWSER_NEW, record=0x504000124bd0, flags=(AVAHI_LOOKUP_RESULT_CACHED | AVAHI_LOOKUP_RESULT_MULTICAST), userdata=0x506000191c00)
    at browse-service.c:81
#7  0x00007ffff7c95e70 in lookup_multicast_callback
    (e=0x5030004835b0, interface=3, protocol=0, event=AVAHI_BROWSER_NEW, flags=(AVAHI_LOOKUP_RESULT_CACHED | AVAHI_LOOKUP_RESULT_MULTICAST), r=0x504000124bd0, userdata=0x5070001107d0)
    at browse.c:285
#8  0x00007ffff7cf79d7 in scan_cache_callback
    (c=0x5040000fddd0, pattern=0x5030005c4610, e=0x50e000057760, userdata=0x7ffff3e24820)
    at multicast-lookup.c:210
#9  0x00007ffff7c5b494 in avahi_cache_walk
    (c=0x5040000fddd0, pattern=0x5030005c4610, cb=0x7ffff7cf7340 <scan_cache_callback>, userdata=0x7ffff3e24820) at cache.c:138
#10 0x00007ffff7cf51ff in scan_interface_callback
    (m=0x50600012b000, i=0x50d000022b30, userdata=0x7ffff3e24820) at multicast-lookup.c:233
#11 0x00007ffff7c194b0 in avahi_interface_monitor_walk
    (m=0x50600012b000, interface=-1, protocol=-1, callback=0x7ffff7cf4f70 <scan_interface_callback>, userdata=0x7ffff3e24820) at iface.c:761
#12 0x00007ffff7cf4e49 in avahi_multicast_lookup_engine_scan_cache
    (e=0x5030004835b0, interface=-1, protocol=-1, key=0x5030005c4610, callback=0x7ffff7c95640 <lookup_multicast_callback>, userdata=0x5070001107d0) at multicast-lookup.c:266
#13 0x00007ffff7c93e58 in lookup_scan_cache (l=0x5070001107d0) at browse.c:353
#14 0x00007ffff7c91761 in lookup_go (l=0x5070001107d0) at browse.c:384
#15 0x00007ffff7c8cde7 in defer_callback (e=0x506000191c60, userdata=0x50b0000859b0)
    at browse.c:474
#16 0x00007ffff7c04835 in expiration_event (timeout=0x50600012afa0, userdata=0x503000483520)
    at timeeventq.c:94
#17 0x00007ffff7f53c79 in start_timeout_callback (t=0x50600012afa0) at glib-watch.c:252
#18 0x00007ffff7f500e5 in dispatch_func (source=0x510000001340, callback=0x0, userdata=0x0)
    at glib-watch.c:331
#19 0x00007ffff6d7328c in g_main_context_dispatch_unlocked.lto_priv ()
    at /lib64/libglib-2.0.so.0
#20 0x00007ffff6dd37b8 in g_main_context_iterate_unlocked.isra () at /lib64/libglib-2.0.so.0
#21 0x00007ffff6d79377 in g_main_loop_run () at /lib64/libglib-2.0.so.0
#22 0x00007ffff75efb35 in gtk_main () at /lib64/libgtk-3.so.0
#23 0x00000000004e3715 in main (argc=1, argv=0x7fffffffdd68) at main.c:369
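
The second record in the dissection is inconsistent under RFC 6763 naming: the PTR owned by `_wat._udp.local` names an instance under `_woot._tcp.local`. The following is an added detection example, not code from avahi or from this advisory; it parses an mDNS message and flags such PTR records. The function names and the `SAMPLE` packet are constructed for illustration, and using the owner/target suffix rule as the check is an assumption, not the upstream fix.

```python
import struct
META = "_services._dns-sd._udp."  # RFC 6763 service type enumeration name

def read_name(msg, off):
    """Decode a possibly compressed DNS name; return (name, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 32:                         # guard against pointer loops
                raise ValueError("compression pointer loop")
        elif n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("utf-8", "replace"))
            off += 1 + n

def ptr_records(msg):
    """Yield (owner, target) for every PTR record in a DNS/mDNS message."""
    qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
    off = 12
    for _ in range(qd):                           # skip the question section
        off = read_name(msg, off)[1] + 4
    for _ in range(an + ns + ar):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 12:                           # PTR
            yield owner, read_name(msg, off)[0]
        off += rdlen

def suspicious(msg):
    """PTRs whose target is not an instance of the owner's service type."""
    def ok(owner, target):
        svc = owner.lower().split("._sub.", 1)[-1]    # subtype PTR -> base type
        return not svc.startswith("_") or svc.startswith(META) or target.lower().endswith("." + svc)
    return [(o, t) for o, t in ptr_records(msg) if not ok(o, t)]

def rr(owner, target):
    """Build one uncompressed PTR record (constructed sample data)."""
    enc = lambda n: b"".join(bytes([len(l)]) + l.encode() for l in n.split(".")) + b"\0"
    return enc(owner) + struct.pack("!HHIH", 12, 1, 4500, len(enc(target))) + enc(target)

# Constructed sample: the two announcements shown in the dissection above.
SAMPLE = (struct.pack("!6H", 0, 0x8400, 0, 2, 0, 0)
          + rr("_services._dns-sd._udp.local", "_wat._udp.local") + rr("_wat._udp.local", "Q._woot._tcp.local"))
```

Truncated input raises `IndexError` or `struct.error`, so a caller feeding captured traffic should treat those as a malformed packet.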

Updates

2026-04-07 23:29 CEST

Metadata changes:

  • Status for package avahi: “Blocked”

Comment:

No listed fixes

2026-04-07 23:28 CEST

Metadata changes:

  • Status for package avahi: “Plausible”

2026-04-07 23:07 CEST

Metadata changes:

  • Status for package avahi: “Acknowledged”

(Amended on: 2026-04-07 23:08 CEST)