5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.528 Medium
EPSS
Percentile
97.6%
Severity: Critical
Date : 2017-07-03
CVE-ID : CVE-2017-9445
Package : systemd
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-329
The package systemd before version 233-6 is vulnerable to arbitrary
code execution.
Upgrade to 233-6.
The problem has been fixed upstream in version 233.
None.
An out-of-bounds write was discovered in systemd-resolved when handling
specially crafted DNS responses. A remote attacker could potentially
exploit this to cause a denial of service (daemon crash) or execute
arbitrary code.
A remote attacker is able to craft a malicious DNS response to crash
systemd-resolved or execute arbitrary code on the target host.
https://bugs.archlinux.org/task/54619
http://seclists.org/oss-sec/2017/q2/618
https://security.archlinux.org/CVE-2017-9445
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.528 Medium
EPSS
Percentile
97.6%