CVE-2017-9445

Priority
Description
In systemd through 233, certain sizes passed to dns_packet_new in
systemd-resolved can cause it to allocate a buffer that's too small. A
malicious DNS server can exploit this via a response with a specially
crafted TCP payload to trick systemd-resolved into allocating a buffer
that's too small, and subsequently write arbitrary data beyond the end of
it.
Notes
 chrisccoulson> I believe this was introduced in v223 by
  https://github.com/systemd/systemd/commit/a0166609f782da91710dea9183d1bf138538db37
 chrisccoulson> systemd-resolved is not used by default in Xenial. It is
  spawned if a user execs the systemd-resolve utility, but that shouldn't
  impact the system.
Assigned-to
chrisccoulson
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (204-5ubuntu20.24)
Ubuntu 16.04 LTS (Xenial Xerus):released (229-4ubuntu19)
More Information

Updated: 2019-01-14 22:31:03 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)