CVE-2017-15908

Name: CVE-2017-15908
Creator: NVD / NIST
Published: 2017-10-26T14:29:00.207+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 23.63%

Last modified Jun 17, 2026

CVE-2017-15908 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.. EPSS estimates a 23.63% chance of exploitation in the next 30 days.

Description

In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

23.63%

97.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-835

Affected Software

Vendor	Product	Versions
Systemd Project	Systemd	223
Systemd Project	Systemd	224
Systemd Project	Systemd	225
Systemd Project	Systemd	226
Systemd Project	Systemd	227
Systemd Project	Systemd	228
Systemd Project	Systemd	229
Systemd Project	Systemd	230
Systemd Project	Systemd	231
Systemd Project	Systemd	232
Systemd Project	Systemd	233
Systemd Project	Systemd	234
Systemd Project	Systemd	235
Canonical	Ubuntu Linux	14.04
Canonical	Ubuntu Linux	16.04

References

http://www.securityfocus.com/bid/101600Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1039662Third Party Advisory, VDB Entry
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351Issue Tracking, Patch, Third Party Advisory
https://github.com/systemd/systemd/pull/7184Issue Tracking, Patch, Third Party Advisory
https://usn.ubuntu.com/3558-1/Patch, Third Party Advisory
http://www.securityfocus.com/bid/101600Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1039662Third Party Advisory, VDB Entry
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351Issue Tracking, Patch, Third Party Advisory
https://github.com/systemd/systemd/pull/7184Issue Tracking, Patch, Third Party Advisory
https://usn.ubuntu.com/3558-1/Patch, Third Party Advisory

Timeline

Published: Oct 26, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-15908?

How severe is CVE-2017-15908?

CVE-2017-15908 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 23.63% probability of exploitation in the next 30 days.

How do I fix CVE-2017-15908?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-15908?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST