In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.

Related CVEs

CVE-2017-15908

Key Information

GHSA ID

GHSA-7jr2-6c89-rmhp

Published

May 13, 2022 1:03 AM

Last Modified

April 20, 2025 3:47 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 17, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.