CVE-2017-9445
Published: 27 June 2017
In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.
Priority
CVSS 3 base score: 7.5
Notes
Author | Note |
---|---|
chrisccoulson | I believe this was introduced in v223 by https://github.com/systemd/systemd/commit/a0166609f782da91710dea9183d1bf138538db37 systemd-resolved is not used by default in Xenial. It is spawned if a user execs the systemd-resolve utility, but that shouldn't impact the system. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9445
- https://usn.ubuntu.com/usn/usn-3341-1
- NVD
- Launchpad
- Debian