Back to search
CVE-2017-9445
Published: Jun 28, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://launchpad.net/bugs/1695546
x_refsource_CONFIRM
1038806
vdb-entry
x_refsource_SECTRACK
99302
vdb-entry
x_refsource_BID
http://openwall.com/lists/oss-security/2017/06/27/8
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now