Published: 16/01/2019 Updated: 20/10/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 385

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.

Vulnerable Product	Search on Vulmon	Subscribe to Product
isc bind 9.10.4
isc bind
isc bind 9.11.1
isc bind 9.11.0
isc bind 9.9.10
isc bind 9.9.0
isc bind 9.9.3
isc bind 9.10.5
isc bind 9.8.0
redhat enterprise linux server tus 7.3
redhat enterprise linux server tus 7.6
redhat enterprise linux workstation 6.0
redhat enterprise linux server aus 7.3
redhat enterprise linux server aus 7.6
redhat enterprise linux server eus 7.5
redhat enterprise linux server eus 7.6
redhat enterprise linux server 7.0
redhat enterprise linux workstation 7.0
redhat enterprise linux server eus 7.3
redhat enterprise linux server 6.0
redhat enterprise linux desktop 7.0
redhat enterprise linux server aus 7.4
redhat enterprise linux server eus 7.4
redhat enterprise linux desktop 6.0
netapp oncommand balance -
netapp element software -
netapp data ontap edge -
debian debian linux 8.0

Several security issues were fixed in Bind ...

Synopsis Important: bind security update Type/Severity Security Advisory: Important Topic An update for bind is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which ...

Synopsis Important: bind security update Type/Severity Security Advisory: Important Topic An update for bind is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which ...

Several vulnerabilities were discovered in BIND, a DNS server implementation The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-3136 Oleg Gorokhov of Yandex discovered that BIND does not properly handle certain queries when using DNS64 with the "break-dnssec yes;" option, allowing a remote att ...

Debian Bug report logs - #860224 bind9: CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;" Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Da ...

Debian Bug report logs - #860226 bind9: CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, ...

Debian Bug report logs - #889285 bind9: CVE-2018-5735: assertion failure in validatorc:1858 Package: bind9; Maintainer for bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Source for bind9 is src:bind9 (PTS, buildd, popcon) Reported by: Vladislav Kurz <vladislavkurz@webstepnet> Date: Sat, 3 Feb 2018 10:15: ...

Debian Bug report logs - #860225 bind9: CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu ...

A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response (CVE-2017-3137) A denial of service flaw was found in the way BIND handled q ...

A denial of service flaw was found in the way BIND handled query requests when using DNS64 with "break-dnssec yes" option A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request ...

A security issue has been found in bind, where an error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;" ...

CWE-617 https://kb.isc.org/docs/aa-01465 https://www.debian.org/security/2017/dsa-3854 https://security.netapp.com/advisory/ntap-20180802-0002/https://security.gentoo.org/glsa/201708-01 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us https://access.redhat.com/errata/RHSA-2017:1105 https://access.redhat.com/errata/RHSA-2017:1095 http://www.securitytracker.com/id/1038259 http://www.securityfocus.com/bid/97653 http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html https://usn.ubuntu.com/3259-1/https://nvd.nist.gov

Get Started

CVE-2017-3136

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect