VYPR

systemd-resolved

by Systemd Project

Source repositories

CVEs (5)

  • CVE-2017-9445HigJun 28, 2017
    risk 0.53cvss 7.5epss 0.55

    In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer…

  • CVE-2017-15908HigOct 26, 2017
    risk 0.51cvss 7.5epss 0.24

    In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.

  • CVE-2017-9217HigMay 24, 2017
    risk 0.50cvss 7.5epss 0.15

    systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.

  • CVE-2023-7008Dec 23, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

  • CVE-2019-15718Sep 4, 2019
    risk 0.00cvss epss 0.01

    In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by…