CVE-2017-3140

EPSS 20.4%
Published 16.01.2019 20:29:00
Last modified 21.11.2024 03:24:55
Source security-officer@isc.org
Teams watchlist Login
Open Login

If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.

Affected products Warnungen 0 Metrics 4 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Isc ≫ Bind Version >= 9.11.0 <= 9.11.1

Isc ≫ Bind Version9.9.10

Isc ≫ Bind Version9.9.10 Updates1

Isc ≫ Bind Version9.10.5

Isc ≫ Bind Version9.10.5 Updates1

Netapp ≫ Data Ontap Edge Version-

Netapp ≫ Element Software Version-

Netapp ≫ Oncommand Balance Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	20.4%	0.95

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P
security-officer@isc.org	3.7	2.2	1.4	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://security.gentoo.org/glsa/201708-01

Third Party Advisory

http://www.securityfocus.com/bid/99088

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1038692

Third Party Advisory

VDB Entry

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us

Third Party Advisory

https://kb.isc.org/docs/aa-01495

Vendor Advisory