Description
systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.
References (5)
Core 5
Core References
Vendor Advisory
https://security.netapp.com/advisory/ntap-20241213-0003/
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/systemd/systemd/pull/5998
Issue Tracking, Third Party Advisory x_refsource_confirm
https://launchpad.net/bugs/1621396
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/systemd/systemd/commit/a924f43f30f9c4acaf70618dd2a055f8b0f166be
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98677
Scores
CVSS v3
7.5
EPSS
0.0150
EPSS Percentile
81.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (1)
systemd_project/systemd
< 233
Published
May 24, 2017
Tracked Since
Feb 18, 2026