CVE-2017-3137

EPSS 34.71%
Published 16.01.2019 20:29:00
Last modified 21.11.2024 03:24:54
Source security-officer@isc.org
Teams watchlist Login
Open Login

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.

Affected products Warnungen 0 Metrics 4 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Isc ≫ Bind Version9.9.9 Updatep6

Isc ≫ Bind Version9.9.9 Updates8

Isc ≫ Bind Version9.9.10 Updatebeta1

Isc ≫ Bind Version9.9.10 Updaterc1

Isc ≫ Bind Version9.10.4 Updatep6

Isc ≫ Bind Version9.10.5 Updateb1

Isc ≫ Bind Version9.10.5 Updaterc1

Isc ≫ Bind Version9.11.0 Updatep3

Isc ≫ Bind Version9.11.1 Updateb1

Isc ≫ Bind Version9.11.1 Updaterc1

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version6.2

Redhat ≫ Enterprise Linux Server Aus Version6.4

Redhat ≫ Enterprise Linux Server Aus Version6.5

Redhat ≫ Enterprise Linux Server Aus Version6.6

Redhat ≫ Enterprise Linux Server Aus Version7.2

Redhat ≫ Enterprise Linux Server Aus Version7.3

Redhat ≫ Enterprise Linux Server Aus Version7.4

Redhat ≫ Enterprise Linux Server Aus Version7.6

Redhat ≫ Enterprise Linux Server Eus Version6.7

Redhat ≫ Enterprise Linux Server Eus Version7.2

Redhat ≫ Enterprise Linux Server Eus Version7.3

Redhat ≫ Enterprise Linux Server Eus Version7.4

Redhat ≫ Enterprise Linux Server Eus Version7.5

Redhat ≫ Enterprise Linux Server Eus Version7.6

Redhat ≫ Enterprise Linux Server Tus Version6.5

Redhat ≫ Enterprise Linux Server Tus Version6.6

Redhat ≫ Enterprise Linux Server Tus Version7.2

Redhat ≫ Enterprise Linux Server Tus Version7.3

Redhat ≫ Enterprise Linux Server Tus Version7.6

Redhat ≫ Enterprise Linux Workstation Version6.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Netapp ≫ Data Ontap Edge Version-

Netapp ≫ Element Software Version-

Netapp ≫ Oncommand Balance Version-

Debian ≫ Debian Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	34.71%	0.966

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
security-officer@isc.org	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://access.redhat.com/errata/RHSA-2017:1583

Third Party Advisory

https://security.gentoo.org/glsa/201708-01

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:1582

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:1095

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:1105

Third Party Advisory

https://security.netapp.com/advisory/ntap-20180802-0002/

Third Party Advisory