CVE-2017-9445

{"id": "CVE-2017-9445", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-06-28T06:29:00.190", "references": [{"url": "http://openwall.com/lists/oss-security/2017/06/27/8", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/99302", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1038806", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://launchpad.net/bugs/1695546", "tags": ["Broken Link"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it."}, {"lang": "es", "value": "En systemd hasta la versi\u00f3n 233, ciertos tama\u00f1os pasados a la funci\u00f3n dns_packet_new en systemd-resolved pueden causar que asigne un b\u00fafer que es muy peque\u00f1o. Un servidor DNS malicioso puede aprovechar esto por medio de una respuesta con una carga \u00fatil TCP especialmente creada para enga\u00f1ar a systemd-resolved en la asignaci\u00f3n de un b\u00fafer que es muy peque\u00f1o, y posteriormente escribir datos arbitrarios m\u00e1s all\u00e1 del final de la misma."}], "lastModified": "2022-01-31T18:19:39.563", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "838D37A0-18AB-4999-B577-3F38064D99A5", "versionEndIncluding": "233", "versionStartIncluding": "223"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}