CVE-2017-9445

Priority
High
Description
In systemd through 233, certain sizes passed to dns_packet_new in
systemd-resolved can cause it to allocate a buffer that's too small. A
malicious DNS server can exploit this via a response with a specially
crafted TCP payload, causing systemd-resolved to allocate the undersized
buffer and subsequently write arbitrary data beyond the end of it.
Notes
 chrisccoulson> I believe this was introduced in v223 by
  https://github.com/systemd/systemd/commit/a0166609f782da91710dea9183d1bf138538db37
 chrisccoulson> systemd-resolved is not used by default in Xenial. It is
  spawned if a user execs the systemd-resolve utility, but that shouldn't
  impact the system.
Assigned-to
chrisccoulson
Package
Upstream: needed
Ubuntu 17.10 (Artful Aardvark): released (233-8ubuntu2)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (204-5ubuntu20.24)
Ubuntu Core 15.04: not-affected (219-7ubuntu6)
Ubuntu 16.04 LTS (Xenial Xerus): released (229-4ubuntu19)
Ubuntu 17.04 (Zesty Zapus): released (232-21ubuntu5)

Updated: 2017-07-21 17:14:34 UTC (commit 12937)