Sorry, but this is not a standard TCP payload. I think the bug is in the library that made the packet, not with systemd. They should fix their library.
"A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it."
When your program doesn't handle a malformed input, and this leads to a buffer overflow, it's your fault. When this program is something as important as systemd, the problem is even worse.
Anything Internet-facing has to accept any kind of packet without crashing, or at least without failing in an exploitable way. That's the bare minimum you-must-be-this-tall entry requirement of security.