A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2024:2463 | |
https://access.redhat.com/errata/RHSA-2024:3203 | |
https://access.redhat.com/security/cve/CVE-2023-7008 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2222261 | Issue Tracking |
https://bugzilla.redhat.com/show_bug.cgi?id=2222672 | Issue Tracking |
https://github.com/systemd/systemd/issues/25676 | Issue Tracking |
Configurations
Configuration 1 (hide)
AND |
|
History
16 Sep 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 May 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Apr 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Jan 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Jan 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Jan 2024, 19:14
Type | Values Removed | Values Added |
---|---|---|
First Time |
Systemd Project systemd
Debian debian Linux Debian Systemd Project |
|
CWE | NVD-CWE-Other | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
CPE | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:systemd_project:systemd:25:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
|
References | () https://access.redhat.com/security/cve/CVE-2023-7008 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2222672 - Issue Tracking | |
References | () https://github.com/systemd/systemd/issues/25676 - Issue Tracking | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2222261 - Issue Tracking |
23 Dec 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-23 13:15
Updated : 2024-09-16 17:16
NVD link : CVE-2023-7008
Mitre link : CVE-2023-7008
CVE.ORG link : CVE-2023-7008
JSON object : View
Products Affected
debian
- debian_linux
systemd_project
- systemd
CWE