CVE-2023-7008

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-7008
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-7008.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-7008
Downstream
Related
Published
2023-12-23T13:00:50.515Z
Modified
2026-05-08T04:53:08.256531Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes
Details

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

Database specific 
{
    "cna_assigner": "redhat",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/7xxx/CVE-2023-7008.json",
    "cwe_ids": [
        "CWE-300"
    ]
}
References

Affected packages

Git / github.com/systemd/systemd

Affected ranges

Type
GIT
Repo
https://github.com/systemd/systemd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
13f9123298ac70d5d05c1de5d6b93ff11af9ac55
Database specific 
{
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:systemd_project:systemd:25:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "25"
        }
    ]
}

Affected versions

Other
v1
v10
v11
v12
v13
v14
v15
v16
v17
v18
v19
v2
v20
v21
v22
v23
v24
v25
v3
v4
v5
v6
v7
v8
v9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-7008.json"