CVE-2017-9445
Publication date 27 June 2017
Last updated 25 August 2025
Ubuntu priority
Description
In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| systemd | ||
| 16.04 LTS xenial |
Fixed 229-4ubuntu19
|
|
| 14.04 LTS trusty |
Not affected
|
Notes
chrisccoulson
I believe this was introduced in v223 by https://github.com/systemd/systemd/commit/a0166609f782da91710dea9183d1bf138538db37 systemd-resolved is not used by default in Xenial. It is spawned if a user execs the systemd-resolve utility, but that shouldn't impact the system.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.5 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-3341-1
- Systemd vulnerability
- 27 June 2017