Vulnerability Description
In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Systemd Project | Systemd | >= 223, <= 233 |
Related Weaknesses (CWE)
References
- http://openwall.com/lists/oss-security/2017/06/27/8Mailing ListPatchThird Party Advisory
- http://www.securityfocus.com/bid/99302Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038806Third Party AdvisoryVDB Entry
- https://launchpad.net/bugs/1695546Broken Link
- http://openwall.com/lists/oss-security/2017/06/27/8Mailing ListPatchThird Party Advisory
- http://www.securityfocus.com/bid/99302Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038806Third Party AdvisoryVDB Entry
- https://launchpad.net/bugs/1695546Broken Link
FAQ
What is CVE-2017-9445?
CVE-2017-9445 is a vulnerability with a CVSS score of 7.5 (HIGH). In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a spe...
How severe is CVE-2017-9445?
CVE-2017-9445 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9445?
Check the references section above for vendor advisories and patch information. Affected products include: Systemd Project Systemd.