7.5
CVE-2017-3139
- EPSS 0.72%
- Veröffentlicht 09.04.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:24:54
- Quelle security-officer@isc.org
- Teams Watchlist Login
- Unerledigt Login
A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Enterprise Linux Server Aus Version6.2
Redhat ≫ Enterprise Linux Server Aus Version6.4
Redhat ≫ Enterprise Linux Server Aus Version6.5
Redhat ≫ Enterprise Linux Server Aus Version6.6
Redhat ≫ Enterprise Linux Server Eus Version6.7
Redhat ≫ Enterprise Linux Server Tus Version6.5
Redhat ≫ Enterprise Linux Server Tus Version6.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.72% | 0.716 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-617 Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.