High severity7.5NVD Advisory· Published Oct 26, 2017· Updated May 13, 2026
CVE-2017-15908
CVE-2017-15908
Description
In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.
Affected products
15cpe:2.3:a:systemd_project:systemd:223:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:systemd_project:systemd:223:*:*:*:*:*:*:*
- cpe:2.3:a:systemd_project:systemd:224:*:*:*:*:*:*:*
- cpe:2.3:a:systemd_project:systemd:225:*:*:*:*:*:*:*
- cpe:2.3:a:systemd_project:systemd:226:*:*:*:*:*:*:*
- cpe:2.3:a:systemd_project:systemd:227:*:*:*:*:*:*:*
- cpe:2.3:a:systemd_project:systemd:228:*:*:*:*:*:*:*
- cpe:2.3:a:systemd_project:systemd:229:*:*:*:*:*:*:*
- cpe:2.3:a:systemd_project:systemd:230:*:*:*:*:*:*:*
- cpe:2.3:a:systemd_project:systemd:231:*:*:*:*:*:*:*
- cpe:2.3:a:systemd_project:systemd:232:*:*:*:*:*:*:*
- cpe:2.3:a:systemd_project:systemd:233:*:*:*:*:*:*:*
- cpe:2.3:a:systemd_project:systemd:234:*:*:*:*:*:*:*
- cpe:2.3:a:systemd_project:systemd:235:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*+ 1 more
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351nvdIssue TrackingPatchThird Party Advisory
- github.com/systemd/systemd/pull/7184nvdIssue TrackingPatchThird Party Advisory
- usn.ubuntu.com/3558-1/nvdPatchThird Party Advisory
- www.securityfocus.com/bid/101600nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1039662nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.