In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.
2017-10-26T14:29:00.207
2025-04-20T01:37:25.860
Deferred
CVSSv3.1: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | systemd_project | systemd | 223 | Yes |
| Application | systemd_project | systemd | 224 | Yes |
| Application | systemd_project | systemd | 225 | Yes |
| Application | systemd_project | systemd | 226 | Yes |
| Application | systemd_project | systemd | 227 | Yes |
| Application | systemd_project | systemd | 228 | Yes |
| Application | systemd_project | systemd | 229 | Yes |
| Application | systemd_project | systemd | 230 | Yes |
| Application | systemd_project | systemd | 231 | Yes |
| Application | systemd_project | systemd | 232 | Yes |
| Application | systemd_project | systemd | 233 | Yes |
| Application | systemd_project | systemd | 234 | Yes |
| Application | systemd_project | systemd | 235 | Yes |
| Operating System | canonical | ubuntu_linux | 14.04 | Yes |
| Operating System | canonical | ubuntu_linux | 16.04 | Yes |