CVE-2017-3136

EPSS 48.52%
Veröffentlicht 16.01.2019 20:29:00
Zuletzt bearbeitet 21.11.2024 03:24:54
Quelle security-officer@isc.org
CVE-Watchlists
Login
Unerledigt
Login

An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"

A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 14

NVD 47 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Isc ≫ Bind Version >= 9.8.0 <= 9.8.8

Isc ≫ Bind Version >= 9.9.0 <= 9.9.9

Isc ≫ Bind Version >= 9.10.0 <= 9.10.4

Isc ≫ Bind Version9.8.0 Updatep1

Isc ≫ Bind Version9.9.0 Updatep1

Isc ≫ Bind Version9.9.0 Updatep2

Isc ≫ Bind Version9.9.0 Updatep3

Isc ≫ Bind Version9.9.0 Updatep4

Isc ≫ Bind Version9.9.0 Updatep5

Isc ≫ Bind Version9.9.0 Updatep6

Isc ≫ Bind Version9.9.3

Isc ≫ Bind Version9.9.3 Updates1

Isc ≫ Bind Version9.9.10 Updatebeta1

Isc ≫ Bind Version9.9.10 Updaterc1

Isc ≫ Bind Version9.10.4 Updatep1

Isc ≫ Bind Version9.10.4 Updatep2

Isc ≫ Bind Version9.10.4 Updatep3

Isc ≫ Bind Version9.10.4 Updatep4

Isc ≫ Bind Version9.10.4 Updatep5

Isc ≫ Bind Version9.10.4 Updatep6

Isc ≫ Bind Version9.10.5 Updateb1

Isc ≫ Bind Version9.10.5 Updaterc1

Isc ≫ Bind Version9.11.0

Isc ≫ Bind Version9.11.0 Updatep1

Isc ≫ Bind Version9.11.0 Updatep2

Isc ≫ Bind Version9.11.0 Updatep3

Isc ≫ Bind Version9.11.1 Updatebeta1

Isc ≫ Bind Version9.11.1 Updaterc1

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version7.3

Redhat ≫ Enterprise Linux Server Aus Version7.4

Redhat ≫ Enterprise Linux Server Aus Version7.6

Redhat ≫ Enterprise Linux Server Eus Version7.3

Redhat ≫ Enterprise Linux Server Eus Version7.4

Redhat ≫ Enterprise Linux Server Eus Version7.5

Redhat ≫ Enterprise Linux Server Eus Version7.6

Redhat ≫ Enterprise Linux Server Tus Version7.3

Redhat ≫ Enterprise Linux Server Tus Version7.6

Redhat ≫ Enterprise Linux Workstation Version6.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Netapp ≫ Data Ontap Edge Version-

Netapp ≫ Element Software Version-

Netapp ≫ Oncommand Balance Version-

Debian ≫ Debian Linux Version8.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	48.52%	0.978

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P
security-officer@isc.org	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://security.gentoo.org/glsa/201708-01

Third Party Advisory

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html

http://www.securityfocus.com/bid/97653

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1038259

Third Party Advisory

VDB Entry