Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2017-15908

Published: 26/10/2017 Updated: 20/02/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Systemd Project

Vulnerability Summary

In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

systemd project systemd 228

systemd project systemd 229

systemd project systemd 226

systemd project systemd 227

systemd project systemd 234

systemd project systemd 235

systemd project systemd 223

systemd project systemd 224

systemd project systemd 225

systemd project systemd 232

systemd project systemd 233

systemd project systemd 230

systemd project systemd 231

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

Vendor Advisories

Debian CVElist Bug Report Logs: systemd: CVE-2017-15908
Debian Bug report logs - #880026 systemd: CVE-2017-15908 Package: src:systemd; Maintainer for src:systemd is Debian systemd Maintainers <pkg-systemd-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 28 Oct 2017 15:42:02 UTC Severity: important Tags: fixed-upstream, ...
Ubuntu Security Notice: systemd vulnerability
systemd could be made to temporarily stop responding if it received specially crafted network traffic ...
Ubuntu Security Notice: systemd vulnerabilities
Several security issues were fixed in systemd ...
Red Hat: CVE-2017-15908
In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service ...

References

CWE-835https://github.com/systemd/systemd/pull/7184https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351http://www.securitytracker.com/id/1039662http://www.securityfocus.com/bid/101600https://usn.ubuntu.com/3558-1/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880026https://nvd.nist.govhttps://usn.ubuntu.com/3466-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook