CVE-2023-7008

CWE-3007 documents7 sources

Severity

5.9MEDIUM

EPSS

0.4%

top 36.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Systemd Project Systemd

Timeline

PublishedDec 23

Description

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶Debiansystemd< 247.3-7+deb11u6+3

▶NVDsystemd_project/systemd25

🔴Vulnerability Details

CVEList

Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes↗2023-12-23

▶

OSV

CVE-2023-7008: A vulnerability was found in systemd-resolved↗2023-12-23

▶

GHSA

GHSA-hwxf-wjq7-j3hm: A vulnerability was found in systemd-resolved↗2023-12-23

▶

📋Vendor Advisories

Microsoft

Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes↗2023-12-12

▶

Debian

CVE-2023-7008: systemd - A vulnerability was found in systemd-resolved. This issue may allow systemd-reso...↗2023

▶

Red Hat

systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes↗2022-12-08

▶