Buffer Overflow in systemd-resolved Affects systemd by Red Hat
CVE-2017-9445

7.5HIGH

Key Information:

Vendor

Systemd Project

Status
Systemd
Vendor
CVE Published:
28 June 2017

What is CVE-2017-9445?

A vulnerability in systemd, specifically in systemd-resolved prior to version 233, allows for a buffer overflow. This occurs when sizes transmitted to the dns_packet_new function can lead to the allocation of a buffer that is inadequate. An attacker can exploit this by sending a specially crafted TCP payload from a malicious DNS server, effectively causing systemd-resolved to allocate insufficient memory. This misallocation can result in arbitrary data being written beyond the bounds of the allocated buffer, leading to severe system integrity and security implications.

References

https://launchpad.net/bugs/1695546
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038806
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99302
vdb-entryx_refsource_BID

EPSS Score

55% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.