CVE Vulnerabilities

CVE-2017-15908

Loop with Unreachable Exit Condition ('Infinite Loop')

Published: Oct 26, 2017 | Modified: Feb 20, 2022
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the systemd-resolved service and cause a DoS of the affected service.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name Vendor Start Version End Version
Systemd Systemd_project 228 228
Systemd Systemd_project 229 229
Systemd Systemd_project 224 224
Systemd Systemd_project 225 225
Systemd Systemd_project 223 223
Systemd Systemd_project 232 232
Systemd Systemd_project 234 234
Systemd Systemd_project 230 230
Systemd Systemd_project 231 231
Systemd Systemd_project 226 226
Systemd Systemd_project 227 227
Systemd Systemd_project 235 235
Systemd Systemd_project 233 233

References