CVE-2023-7008

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:systemd_project:systemd:25:*:*:*:*:*:*:*
OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

16 Sep 2024, 17:16

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/', 'source': 'secalert@redhat.com'}

22 May 2024, 17:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:3203 -

30 Apr 2024, 14:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:2463 -

27 Jan 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/ -

24 Jan 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/ -

04 Jan 2024, 19:14

Type Values Removed Values Added
First Time Systemd Project systemd
Debian debian Linux
Debian
Systemd Project
CWE NVD-CWE-Other
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.9
CPE cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:systemd_project:systemd:25:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
References () https://access.redhat.com/security/cve/CVE-2023-7008 - () https://access.redhat.com/security/cve/CVE-2023-7008 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2222672 - () https://bugzilla.redhat.com/show_bug.cgi?id=2222672 - Issue Tracking
References () https://github.com/systemd/systemd/issues/25676 - () https://github.com/systemd/systemd/issues/25676 - Issue Tracking
References () https://bugzilla.redhat.com/show_bug.cgi?id=2222261 - () https://bugzilla.redhat.com/show_bug.cgi?id=2222261 - Issue Tracking

23 Dec 2023, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-23 13:15

Updated : 2024-09-16 17:16


NVD link : CVE-2023-7008

Mitre link : CVE-2023-7008

CVE.ORG link : CVE-2023-7008


JSON object : View

Products Affected

debian

  • debian_linux

systemd_project

  • systemd
CWE
NVD-CWE-Other CWE-300

Channel Accessible by Non-Endpoint