7.5

CVE-2017-3137

A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IscBind Version9.9.9 Updatep6
IscBind Version9.9.9 Updates8
IscBind Version9.9.10 Updatebeta1
IscBind Version9.9.10 Updaterc1
IscBind Version9.10.4 Updatep6
IscBind Version9.10.5 Updateb1
IscBind Version9.10.5 Updaterc1
IscBind Version9.11.0 Updatep3
IscBind Version9.11.1 Updateb1
IscBind Version9.11.1 Updaterc1
NetappData Ontap Edge Version-
NetappElement Software Version-
NetappOncommand Balance Version-
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.9% 0.946
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
security-officer@isc.org 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://access.redhat.com/errata/RHSA-2017:1583
Third Party Advisory
https://security.gentoo.org/glsa/201708-01
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1582
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1095
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1105
Third Party Advisory
https://security.netapp.com/advisory/ntap-20180802-0002/
Third Party Advisory
https://www.debian.org/security/2017/dsa-3854
Third Party Advisory
http://www.securityfocus.com/bid/97651
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038258
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040195
Third Party Advisory
VDB Entry
https://kb.isc.org/docs/aa-01466
Vendor Advisory