CVE-2023-7008

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-7008
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-7008.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-7008
Related
Published
2023-12-23T13:15:07Z
Modified
2024-10-12T11:16:23.488641Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

References

Affected packages

Debian:11 / systemd

Package

Name
systemd
Purl
pkg:deb/debian/systemd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
247.3-7+deb11u6

Affected versions

247.*

247.3-6
247.3-7
247.3-7+deb11u1
247.3-7+deb11u2
247.3-7+deb11u3
247.3-7+deb11u4
247.3-7+deb11u5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / systemd

Package

Name
systemd
Purl
pkg:deb/debian/systemd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
252.21-1~deb12u1

Affected versions

252.*

252.6-1
252.6-1+loong64
252.11-1~deb12u1
252.11-1
252.12-1~deb12u1
252.14-1~deb12u1
252.16-1~deb12u1
252.17-1~deb12u1
252.18-1~deb12u1
252.19-1~deb12u1
252.20-1~deb12u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / systemd

Package

Name
systemd
Purl
pkg:deb/debian/systemd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
255.1-3

Affected versions

252.*

252.6-1
252.6-1+loong64
252.11-1~deb12u1
252.11-1
252.12-1~deb12u1
252.14-1~deb12u1
252.16-1~deb12u1
252.17-1~deb12u1
252.18-1~deb12u1
252.19-1~deb12u1
252.20-1~deb12u1
252.21-1~deb12u1
252.22-1~deb12u1
252.23-1~deb12u1
252.24-1~deb12u1
252.25-1~deb12u1
252.26-1~deb12u1
252.26-1~deb12u2~bpo11+1
252.26-1~deb12u2
252.27-1~deb12u1
252.28-1~deb12u1
252.29-1~deb12u1~bpo11+1
252.29-1~deb12u1
252.30-1~deb12u1
252.30-1~deb12u2

Other

253~rc2-1
253~rc3-1
253-1
253-2
253-3
253-4
254~rc1-1
254~rc1-2
254~rc1-3
254~rc1-4
254~rc2-1
254~rc2-2
254~rc2-3
254~rc3-1
254~rc3-2
254~rc3-3
254-1
255~rc1-1
255~rc1-2
255~rc1-3
255~rc1-4
255~rc2-1
255~rc2-2
255~rc2-3
255~rc3-1
255~rc3-2
255~rc3-3
255~rc4-1
255~rc4-2
255-1

253.*

253.5-1

254.*

254.1-1
254.1-2
254.1-3
254.3-1
254.4-1
254.5-1~bpo12+1
254.5-1~bpo12+2
254.5-1~bpo12+3
254.5-1
254.14-1~bpo12+1
254.15-1~bpo12+1
254.16-1~bpo12+1

255.*

255.1-1
255.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/systemd/systemd

Affected ranges

Type
GIT
Repo
https://github.com/systemd/systemd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

Other

v1
v10
v11
v12
v13
v14
v15
v16
v17
v18
v19
v2
v20
v21
v22
v23
v24
v25
v3
v4
v5
v6
v7
v8
v9