Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes
CVE-2023-7008
5.9MEDIUM
Key Information:
- Vendor
Red Hat
- Vendor
- CVE Published:
- 23 December 2023
What is CVE-2023-7008?
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.
Affected Version(s)
Red Hat Enterprise Linux 8 0:239-82.el8
Red Hat Enterprise Linux 9 0:252-32.el9_4
Red Hat Enterprise Linux 9 0:252-32.el9_4