CVE-2017-15908

CWE-83510 documents8 sources
Severity
7.5HIGH
EPSS
0.3%
top 49.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Canonical Ubuntu LinuxSystemd Project Systemd
Timeline
PublishedOct 26
Latest updateMay 13

Description

In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

Debiansystemd< 235-3+3
Ubuntusystemd< 204-5ubuntu20.26+1
NVDsystemd_project/systemd13 versions+12

Also affects: Ubuntu Linux 14.04, 16.04

Patches

Patch: bugs.launchpad.netPatch: github.comPatch: usn.ubuntu.com

🔴Vulnerability Details

4
GHSA
GHSA-7jr2-6c89-rmhp: In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_pack2022-05-13
OSV
systemd vulnerabilities2018-02-05
CVEList
CVE-2017-15908: In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_pack2017-10-26
OSV
CVE-2017-15908: In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_pack2017-10-26

📋Vendor Advisories

4
Ubuntu
systemd vulnerabilities2018-02-05
Red Hat
systemd: Infinite loop in the dns_packet_read_type_window() function2017-10-26
Ubuntu
systemd vulnerability2017-10-26
Debian
CVE-2017-15908: systemd - In systemd 223 through 235, a remote DNS server can respond with a custom crafte...2017

💬Community

1
Bugzilla
CVE-2017-15908 systemd: Infinite loop in the dns_packet_read_type_window() function2017-10-30
CVE-2017-15908 (HIGH CVSS 7.5) | In systemd 223 through 235 | cvebase.io