A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.
References
Configurations
Configuration 1 (hide)
AND |
|
History
22 Nov 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | () https://access.redhat.com/errata/RHSA-2024:2463 - | |
References | () https://access.redhat.com/errata/RHSA-2024:3203 - | |
References | () https://access.redhat.com/security/cve/CVE-2023-7008 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2222261 - Issue Tracking | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2222672 - Issue Tracking | |
References | () https://github.com/systemd/systemd/issues/25676 - Issue Tracking |
16 Sep 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 May 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Apr 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Jan 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Jan 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Jan 2024, 19:14
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:systemd_project:systemd:25:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
CWE | NVD-CWE-Other | |
References | () https://access.redhat.com/security/cve/CVE-2023-7008 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2222261 - Issue Tracking | |
References | () https://github.com/systemd/systemd/issues/25676 - Issue Tracking | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2222672 - Issue Tracking |
23 Dec 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-23 13:15
Updated : 2024-11-22 12:15
NVD link : CVE-2023-7008
Mitre link : CVE-2023-7008
CVE.ORG link : CVE-2023-7008
JSON object : View
Products Affected
debian
- debian_linux
systemd_project
- systemd
CWE