CVE-2017-15908

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 26-10-2017 04:29

Last modified: - 20-02-2022 06:58

Total changes: - 3

Description

In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

7.5

Base score

3.9

3.6

Exploitability score

Impact score

Verification logic

vendor=systemd_project AND product=systemd AND version=228

vendor=systemd_project AND product=systemd AND version=229

vendor=systemd_project AND product=systemd AND version=226

vendor=systemd_project AND product=systemd AND version=227

vendor=systemd_project AND product=systemd AND version=234

vendor=systemd_project AND product=systemd AND version=235

vendor=systemd_project AND product=systemd AND version=223

vendor=systemd_project AND product=systemd AND version=224

vendor=systemd_project AND product=systemd AND version=225

vendor=systemd_project AND product=systemd AND version=232

vendor=systemd_project AND product=systemd AND version=233

vendor=systemd_project AND product=systemd AND version=230

vendor=systemd_project AND product=systemd AND version=231

vendor=canonical AND product=ubuntu_linux AND version=14.04 AND software_edition=lts

vendor=canonical AND product=ubuntu_linux AND version=16.04 AND software_edition=lts

Reference

https://github.com/systemd/systemd/pull/7184
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
1039662-Third Party Advisory, VDB Entry
101600-VDB Entry, Third Party Advisory
USN-3558-1-Patch, Third Party Advisory

Keywords

CVE-2017-15908

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2017-15908

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures