CVE-2017-3137

Advisory lineage Upstream: 0 Downstream: 15
Modified
Published: 16 Jan 2019, 20:00
Last modified:17 Sept 2024, 01:02

Vulnerability Summary

Overall Risk (default)
medium
36/100
CVSS Score
7.5 HIGH
v3.0 (cve.org)
EPSS Score
28.5% HIGH
28% probability -5.75%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

16 Jan 2019, 20:00
Published
Vulnerability first disclosed
17 Sept 2024, 01:02
Last Modified
Vulnerability information updated

Description

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.

CVSS Metrics

  • v3.0HIGHScore: 7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • v2.0MEDIUMScore: 5AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 28.50% Percentile: 97%

Techniques & Countermeasures

  • CWE-617Reachable Assertion

    The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Affected Systems

  • debiandebian_linux

    8.0

  • iscbind

    9.9.9:p6 | 9.9.9:s8 | 9.9.10:beta1 | 9.9.10:rc1 | 9.10.4:p6 | 9.10.5:b1 | 9.10.5:rc1 | 9.11.0:p3 | 9.11.1:b1 | 9.11.1:rc1

  • iscbind 9

    9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8

  • netappdata_ontap_edge

    na

  • netappelement_software

    na

  • netapponcommand_balance

    na

  • redhatenterprise_linux_desktop

    6.0 | 7.0

  • redhatenterprise_linux_server

    6.0 | 7.0

  • redhatenterprise_linux_server_aus

    6.2 | 6.4 | 6.5 | 6.6 | 7.2 | 7.3 | 7.4 | 7.6

  • redhatenterprise_linux_server_eus

    6.7 | 7.2 | 7.3 | 7.4 | 7.5 | 7.6

  • redhatenterprise_linux_server_tus

    6.5 | 6.6 | 7.2 | 7.3 | 7.6

  • redhatenterprise_linux_workstation

    6.0 | 7.0

References (11)