Lucene search
RedhatCVE-2023-7008HistoryDec 23, 2023 - 1:15 p.m.
CVE-2023-7008
2023-12-2313:15:07
CWE-300
redhat
web.nvd.nist.gov
202
vulnerability
systemd-resolved
dnssec
dns
security
manipulation
cve-2023-7008
nvd
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
5.3
Confidence
High
EPSS
0.001
Percentile
27.9%
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.
Affected configurations
Node
systemd_projectsystemdMatch25
debiandebian_linuxMatch8.0
ORdebiandebian_linuxMatch9.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| systemd_project | systemd | 25 | cpe:2.3:a:systemd_project:systemd:25:*:*:*:*:*:*:* |
| debian | debian_linux | 8.0 | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
| debian | debian_linux | 9.0 | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "systemd",
"defaultStatus": "affected",
"versions": [
{
"version": "0:239-82.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "systemd",
"defaultStatus": "affected",
"versions": [
{
"version": "0:252-32.el9_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "systemd",
"defaultStatus": "affected",
"versions": [
{
"version": "0:252-32.el9_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream"
]
},
{
"vendor": "Red Hat",
"product": "Cryostat 2",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "systemd",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:cryostat:2"
]
}
]Related
veracode
veracode
Man-in-the-Middle (MitM)
2023-12-26 06:18:11
prion
prion
Design/Logic Flaw
2023-12-23 13:15:00
openvas
openvas
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2024-1230)
2024-03-12 00:00:00
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2024-1327)
2024-03-13 00:00:00
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2024-1499)
2024-04-08 00:00:00
almalinux
almalinux
Moderate: systemd security update
2024-04-30 00:00:00
Moderate: systemd security update
2024-05-22 00:00:00
nessus
nessus
EulerOS 2.0 SP11 : systemd (EulerOS-SA-2024-1252)
2024-03-12 00:00:00
EulerOS Virtualization 3.0.6.0 : systemd (EulerOS-SA-2024-2066)
2024-07-25 00:00:00
EulerOS Virtualization 2.11.1 : systemd (EulerOS-SA-2024-1622)
2024-05-15 00:00:00
oraclelinux
oraclelinux
systemd security update
2024-05-03 00:00:00
systemd security update
2024-05-23 00:00:00
debiancve
debiancve
CVE-2023-7008
2023-12-23 13:15:07
fedora
fedora
[SECURITY] Fedora 39 Update: systemd-254.8-2.fc39
2024-01-24 01:30:31
[SECURITY] Fedora 38 Update: systemd-253.15-2.fc38
2024-01-27 02:13:16
osv
osv
CVE-2023-7008
2023-12-23 13:15:07
Moderate: systemd security update
2024-04-30 00:00:00
Security update for systemd
2024-09-05 15:05:38
cvelist
cvelist
ubuntucve
ubuntucve
CVE-2023-7008
2023-12-23 00:00:00
rocky
rocky
systemd security update
2024-05-10 14:32:36
nvd
nvd
CVE-2023-7008
2023-12-23 13:15:07
cbl_mariner
cbl_mariner
CVE-2023-7008 affecting package systemd for versions less than 123
2024-09-27 09:12:43
redhatcve
redhatcve
CVE-2023-7008
2023-12-20 16:00:37
redhat
redhat
(RHSA-2024:2463) Moderate: systemd security update
2024-04-30 06:15:46
(RHSA-2024:3203) Moderate: systemd security update
2024-05-22 06:35:57
redos
redos
ROS-20240425-05
2024-04-25 00:00:00
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
5.3
Confidence
High
EPSS
0.001
Percentile
27.9%
Related for CVE-2023-7008