CVE-2017-15908

Priority
Description
In systemd 223 through 235, a remote DNS server can respond with a custom
crafted DNS NSEC resource record to trigger an infinite loop in the
dns_packet_read_type_window() function of the 'systemd-resolved' service
and cause a DoS of the affected service.
Assigned-to
mdeslaur
Notes
mdeslaurresolve only used by default on zesty+
independently discovered by Nelson William Gamazo Sanchez,
working with Trend Micro's Zero Day Initiative
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):released (229-4ubuntu21.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (235-2ubuntu3)
Patches:
Upstream:https://github.com/systemd/systemd/pull/7184
Upstream:https://github.com/systemd/systemd/commit/9f939335a07085aa9a9663efd1dca06ef6405d62
More Information

Updated: 2020-03-18 22:49:04 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)