CVE-2017-3136

EPSS 38.17%
Published 16.01.2019 20:29:00
Last modified 21.11.2024 03:24:54
Source security-officer@isc.org
Teams watchlist Login
Open Login

A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.

Affected products Warnungen 0 Metrics 4 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Isc ≫ Bind Version >= 9.8.0 <= 9.8.8

Isc ≫ Bind Version >= 9.9.0 <= 9.9.9

Isc ≫ Bind Version >= 9.10.0 <= 9.10.4

Isc ≫ Bind Version9.8.0 Updatep1

Isc ≫ Bind Version9.9.0 Updatep1

Isc ≫ Bind Version9.9.0 Updatep2

Isc ≫ Bind Version9.9.0 Updatep3

Isc ≫ Bind Version9.9.0 Updatep4

Isc ≫ Bind Version9.9.0 Updatep5

Isc ≫ Bind Version9.9.0 Updatep6

Isc ≫ Bind Version9.9.3

Isc ≫ Bind Version9.9.3 Updates1

Isc ≫ Bind Version9.9.10 Updatebeta1

Isc ≫ Bind Version9.9.10 Updaterc1

Isc ≫ Bind Version9.10.4 Updatep1

Isc ≫ Bind Version9.10.4 Updatep2

Isc ≫ Bind Version9.10.4 Updatep3

Isc ≫ Bind Version9.10.4 Updatep4

Isc ≫ Bind Version9.10.4 Updatep5

Isc ≫ Bind Version9.10.4 Updatep6

Isc ≫ Bind Version9.10.5 Updateb1

Isc ≫ Bind Version9.10.5 Updaterc1

Isc ≫ Bind Version9.11.0

Isc ≫ Bind Version9.11.0 Updatep1

Isc ≫ Bind Version9.11.0 Updatep2

Isc ≫ Bind Version9.11.0 Updatep3

Isc ≫ Bind Version9.11.1 Updatebeta1

Isc ≫ Bind Version9.11.1 Updaterc1

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version7.3

Redhat ≫ Enterprise Linux Server Aus Version7.4

Redhat ≫ Enterprise Linux Server Aus Version7.6

Redhat ≫ Enterprise Linux Server Eus Version7.3

Redhat ≫ Enterprise Linux Server Eus Version7.4

Redhat ≫ Enterprise Linux Server Eus Version7.5

Redhat ≫ Enterprise Linux Server Eus Version7.6

Redhat ≫ Enterprise Linux Server Tus Version7.3

Redhat ≫ Enterprise Linux Server Tus Version7.6

Redhat ≫ Enterprise Linux Workstation Version6.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Netapp ≫ Data Ontap Edge Version-

Netapp ≫ Element Software Version-

Netapp ≫ Oncommand Balance Version-

Debian ≫ Debian Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	38.17%	0.971

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P
security-officer@isc.org	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://security.gentoo.org/glsa/201708-01

Third Party Advisory

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html

http://www.securityfocus.com/bid/97653

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1038259

Third Party Advisory

VDB Entry