Unrated severityNVD Advisory· Published Dec 23, 2023· Updated Nov 6, 2025

Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes

CVE-2023-7008

Description

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

Affected products

Red Hat/Cryostat 2v5
cpe:/a:redhat:cryostat:2
Red Hat/Enterprise Linuxcpe-rescue2 versions
cpe:/a:redhat:enterprise_linux:9::crb+ 1 more
- cpe:/a:redhat:enterprise_linux:9::crbrange: 0:252-32.el9_4
- cpe:/o:redhat:enterprise_linux:8::baseosrange: 0:239-82.el8
osv-coords21 versions
pkg:rpm/almalinux/rhel-net-naming-sysattrs pkg:rpm/almalinux/systemd pkg:rpm/almalinux/systemd-boot-unsigned pkg:rpm/almalinux/systemd-container pkg:rpm/almalinux/systemd-devel pkg:rpm/almalinux/systemd-journal-remote pkg:rpm/almalinux/systemd-libs pkg:rpm/almalinux/systemd-oomd pkg:rpm/almalinux/systemd-pam pkg:rpm/almalinux/systemd-resolved pkg:rpm/almalinux/systemd-rpm-macros pkg:rpm/almalinux/systemd-tests pkg:rpm/almalinux/systemd-udev pkg:rpm/opensuse/systemd&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/systemd&distro=openSUSE%20Leap%20Micro%205.5 pkg:rpm/opensuse/systemd&distro=openSUSE%20Tumbleweed pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5
< 252-32.el9_4.alma.1+ 20 more
- (no CPE)range: < 252-32.el9_4.alma.1
- (no CPE)range: < 252-32.el9_4.alma.1
- (no CPE)range: < 252-32.el9_4.alma.1
- (no CPE)range: < 252-32.el9_4.alma.1
- (no CPE)range: < 252-32.el9_4.alma.1
- (no CPE)range: < 252-32.el9_4.alma.1
- (no CPE)range: < 252-32.el9_4.alma.1
- (no CPE)range: < 252-32.el9_4.alma.1
- (no CPE)range: < 252-32.el9_4.alma.1
- (no CPE)range: < 252-32.el9_4.alma.1
- (no CPE)range: < 252-32.el9_4.alma.1
- (no CPE)range: < 239-82.el8
- (no CPE)range: < 252-32.el9_4.alma.1
- (no CPE)range: < 249.17-150400.8.43.1
- (no CPE)range: < 249.17-150400.8.43.1
- (no CPE)range: < 254.8-4.1
- (no CPE)range: < 249.17-150400.8.43.1
- (no CPE)range: < 249.17-150400.8.43.1
- (no CPE)range: < 249.17-150400.8.43.1
- (no CPE)range: < 249.17-150400.8.43.1
- (no CPE)range: < 249.17-150400.8.43.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2024:2463mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:3203mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/security/cve/CVE-2023-7008mitrevdb-entryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitre
github.com/systemd/systemd/issues/25676mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000