Bug 1463609 (CVE-2017-9445) - CVE-2017-9445 systemd: Out-of-bounds write in systemd-resolved due to allocating too small buffer in dns_packet_new
Summary: CVE-2017-9445 systemd: Out-of-bounds write in systemd-resolved due to allocat...
Alias: CVE-2017-9445
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1465610 1465728
Blocks: Embargoed1463610
TreeView+ depends on / blocked
Reported: 2017-06-21 10:22 UTC by Adam Mariš
Modified: 2021-02-17 02:00 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds write flaw was found in the way systemd-resolved daemon handled processing of DNS responses. A remote attacker could potentially use this flaw to crash the daemon or execute arbitrary code in the context of the daemon process.
Clone Of:
Last Closed: 2017-06-29 10:47:34 UTC

Attachments (Terms of Use)
Proposed patch (1.78 KB, patch)
2017-06-21 10:28 UTC, Adam Mariš
no flags Details | Diff

Description Adam Mariš 2017-06-21 10:22:11 UTC
An out-of-bounds write in systemd-resolved due to allocating buffer that is too small in dns_packet_new was found. Malicious DNS server can exploit this by responding with specially crafted TCP payload to write arbitrary data beyond the allocated buffer.

Comment 1 Adam Mariš 2017-06-21 10:22:15 UTC

Name: Chris Coulson (Canonical)

Comment 2 Adam Mariš 2017-06-21 10:28:42 UTC
Created attachment 1290017 [details]
Proposed patch

Comment 6 Dhiru Kholia 2017-06-23 06:57:12 UTC

This issue did not affect the versions of systemd as shipped with Red Hat Enterprise Linux 7.

Comment 8 Dhiru Kholia 2017-06-28 03:59:08 UTC
Created systemd tracking bugs for this issue:

Affects: fedora-all [bug 1465728]

Comment 10 Andrej Nemec 2017-06-28 09:26:48 UTC


Note You need to log in before you can comment on or make changes to this bug.