Skip to main content

Systemd CVE-2017-9445

HIGH
Out-of-bounds Write (CWE-787)
2017-06-28 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 28, 2017 - 06:29 cve.org
HIGH 7.5

DescriptionCVE.org

In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.

AnalysisAI

In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it. Affected products include: Systemd Project Systemd. Version information: through 233.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2015-7510 CRITICAL POC
9.8 Sep 25

Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd. Rated cr

CVE-2013-4391 HIGH POC
7.5 Oct 28

Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cau

CVE-2016-10156 HIGH POC
7.8 Jan 23

A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd tim

CVE-2023-26604 HIGH POC
7.8 Mar 03

systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible su

CVE-2019-3844 HIGH POC
7.8 Apr 26

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of

CVE-2019-3843 HIGH POC
7.8 Apr 26

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allo

CVE-2018-15686 HIGH POC
7.8 Oct 26

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution

CVE-2018-6954 HIGH POC
7.8 Feb 13

systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local

CVE-2019-3842 HIGH POC
7.0 Apr 09

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using t

CVE-2018-15687 HIGH POC
7.0 Oct 26

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary

CVE-2017-1000082 CRITICAL
9.8 Jul 07

systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. Rated critical severity (CV

CVE-2022-2526 CRITICAL
9.8 Sep 09

A use-after-free vulnerability was found in systemd. Rated critical severity (CVSS 9.8), this vulnerability is remotely

Share

CVE-2017-9445 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy