CVE-2023-7008

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:systemd_project:systemd:25:*:*:*:*:*:*:*
OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

22 Nov 2024, 12:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/ -
  • () https://security.netapp.com/advisory/ntap-20241122-0004/ -
References () https://access.redhat.com/errata/RHSA-2024:2463 - () https://access.redhat.com/errata/RHSA-2024:2463 -
References () https://access.redhat.com/errata/RHSA-2024:3203 - () https://access.redhat.com/errata/RHSA-2024:3203 -
References () https://access.redhat.com/security/cve/CVE-2023-7008 - Vendor Advisory () https://access.redhat.com/security/cve/CVE-2023-7008 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2222261 - Issue Tracking () https://bugzilla.redhat.com/show_bug.cgi?id=2222261 - Issue Tracking
References () https://bugzilla.redhat.com/show_bug.cgi?id=2222672 - Issue Tracking () https://bugzilla.redhat.com/show_bug.cgi?id=2222672 - Issue Tracking
References () https://github.com/systemd/systemd/issues/25676 - Issue Tracking () https://github.com/systemd/systemd/issues/25676 - Issue Tracking

16 Sep 2024, 17:16

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/', 'source': 'secalert@redhat.com'}

22 May 2024, 17:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:3203 -

30 Apr 2024, 14:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:2463 -

27 Jan 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/ -

24 Jan 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/ -

04 Jan 2024, 19:14

Type Values Removed Values Added
CPE cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:systemd_project:systemd:25:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.9
CWE NVD-CWE-Other
References () https://access.redhat.com/security/cve/CVE-2023-7008 - () https://access.redhat.com/security/cve/CVE-2023-7008 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2222261 - () https://bugzilla.redhat.com/show_bug.cgi?id=2222261 - Issue Tracking
References () https://github.com/systemd/systemd/issues/25676 - () https://github.com/systemd/systemd/issues/25676 - Issue Tracking
References () https://bugzilla.redhat.com/show_bug.cgi?id=2222672 - () https://bugzilla.redhat.com/show_bug.cgi?id=2222672 - Issue Tracking

23 Dec 2023, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-23 13:15

Updated : 2024-11-22 12:15


NVD link : CVE-2023-7008

Mitre link : CVE-2023-7008

CVE.ORG link : CVE-2023-7008


JSON object : View

Products Affected

debian

  • debian_linux

systemd_project

  • systemd
CWE
CWE-300

Channel Accessible by Non-Endpoint

NVD-CWE-Other