Vulnerability Details CVE-2017-9445
In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.047
EPSS Ranking 88.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://openwall.com/lists/oss-security/2017/06/27/8
- http://www.securityfocus.com/bid/99302
- http://www.securitytracker.com/id/1038806
- https://launchpad.net/bugs/1695546
- http://openwall.com/lists/oss-security/2017/06/27/8
- http://www.securityfocus.com/bid/99302
- http://www.securitytracker.com/id/1038806
- https://launchpad.net/bugs/1695546
Products affected by CVE-2017-9445
-
cpe:2.3:a:systemd_project:systemd:223
-
cpe:2.3:a:systemd_project:systemd:224
-
cpe:2.3:a:systemd_project:systemd:225
-
cpe:2.3:a:systemd_project:systemd:226
-
cpe:2.3:a:systemd_project:systemd:227
-
cpe:2.3:a:systemd_project:systemd:228
-
cpe:2.3:a:systemd_project:systemd:229
-
cpe:2.3:a:systemd_project:systemd:230
-
cpe:2.3:a:systemd_project:systemd:231
-
cpe:2.3:a:systemd_project:systemd:232
-
cpe:2.3:a:systemd_project:systemd:233