An out-of-bounds write flaw was found in the way systemd-resolved daemon handled processing of DNS responses. A remote attacker could potentially use this flaw to crash the daemon or execute arbitrary code in the context of the daemon process.
An out-of-bounds write in systemd-resolved due to allocating buffer that is too small in dns_packet_new was found. Malicious DNS server can exploit this by responding with specially crafted TCP payload to write arbitrary data beyond the allocated buffer.