Published: 09/04/2019 Updated: 14/05/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Subscribe to Enterprise Linux Server Eus

A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat enterprise linux server eus 6.7
redhat enterprise linux server tus 6.6
redhat enterprise linux server aus 6.6
redhat enterprise linux server tus 6.5
redhat enterprise linux server aus 6.2
redhat enterprise linux server aus 6.4
redhat enterprise linux server aus 6.5

Synopsis Important: bind security update Type/Severity Security Advisory: Important Topic An update for bind is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which ...

Synopsis Important: bind security and bug fix update Type/Severity Security Advisory: Important Topic An update for bind is now available for Red Hat Enterprise Linux 62 Advanced Update Support, Red Hat Enterprise Linux 64 Advanced Update Support, Red Hat Enterprise Linux 65 Advanced Update Support, Red ...

Debian Bug report logs - #860224 bind9: CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;" Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Da ...

Debian Bug report logs - #860226 bind9: CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, ...

Debian Bug report logs - #889285 bind9: CVE-2018-5735: assertion failure in validatorc:1858 Package: bind9; Maintainer for bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Source for bind9 is src:bind9 (PTS, buildd, popcon) Reported by: Vladislav Kurz <vladislavkurz@webstepnet> Date: Sat, 3 Feb 2018 10:15: ...

Debian Bug report logs - #860225 bind9: CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu ...

A denial of service flaw was found in the way BIND handled DNSSEC validationA remote attacker could use this flaw to make named exit unexpectedly with anassertion failure via a specially crafted DNS response (CVE-2017-3139) ...

Impact: Important Public Date: 2017-05-08 Bugzilla: 1447743: CVE-2017-3139 bind: assertion failure in DN ...

CWE-617 https://bugzilla.redhat.com/show_bug.cgi?id=1447743 https://access.redhat.com/security/cve/cve-2017-3139 https://access.redhat.com/errata/RHSA-2017:1202 https://nvd.nist.gov https://alas.aws.amazon.com/ALAS-2017-833.html

Get Started

CVE-2017-3139

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect