5.9

CVE-2017-3136

An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"

A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IscBind Version >= 9.8.0 <= 9.8.8
IscBind Version >= 9.9.0 <= 9.9.9
IscBind Version >= 9.10.0 <= 9.10.4
IscBind Version9.8.0 Updatep1
IscBind Version9.9.0 Updatep1
IscBind Version9.9.0 Updatep2
IscBind Version9.9.0 Updatep3
IscBind Version9.9.0 Updatep4
IscBind Version9.9.0 Updatep5
IscBind Version9.9.0 Updatep6
IscBind Version9.9.3
IscBind Version9.9.3 Updates1
IscBind Version9.9.10 Updatebeta1
IscBind Version9.9.10 Updaterc1
IscBind Version9.10.4 Updatep1
IscBind Version9.10.4 Updatep2
IscBind Version9.10.4 Updatep3
IscBind Version9.10.4 Updatep4
IscBind Version9.10.4 Updatep5
IscBind Version9.10.4 Updatep6
IscBind Version9.10.5 Updateb1
IscBind Version9.10.5 Updaterc1
IscBind Version9.11.0
IscBind Version9.11.0 Updatep1
IscBind Version9.11.0 Updatep2
IscBind Version9.11.0 Updatep3
IscBind Version9.11.1 Updatebeta1
IscBind Version9.11.1 Updaterc1
NetappData Ontap Edge Version-
NetappElement Software Version-
NetappOncommand Balance Version-
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11.09% 0.954
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
security-officer@isc.org 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://security.gentoo.org/glsa/201708-01
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
http://www.securityfocus.com/bid/97653
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038259
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:1095
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1105
Third Party Advisory
https://kb.isc.org/docs/aa-01465
Vendor Advisory
https://security.netapp.com/advisory/ntap-20180802-0002/
Third Party Advisory
https://www.debian.org/security/2017/dsa-3854
Third Party Advisory