CVE-2017-3145

Published: 16/01/2019 Updated: 21/06/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 449
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.

Vulnerable Product

isc bind 9.9.3

isc bind 9.10.5

isc bind

isc bind 9.12.0

isc bind 9.10.6

isc bind 9.9.11

redhat enterprise linux desktop 7.0

redhat enterprise linux server aus 7.2

redhat enterprise linux workstation 7.0

redhat enterprise linux server tus 7.2

redhat enterprise linux server 7.0

redhat enterprise linux server aus 6.6

redhat enterprise linux server aus 6.5

redhat enterprise linux server aus 6.4

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux server tus 7.3

redhat enterprise linux server aus 7.3

redhat enterprise linux server aus 7.4

redhat enterprise linux server eus 7.3

redhat enterprise linux server eus 7.4

redhat enterprise linux server eus 7.5

redhat enterprise linux server eus 6.7

redhat enterprise linux server tus 7.6

redhat enterprise linux server eus 7.6

redhat enterprise linux server aus 7.6

redhat enterprise linux server tus 6.6

debian debian linux 8.0

debian debian linux 7.0

debian debian linux 9.0

netapp data ontap edge -

juniper junos 12.1x46-d76

juniper junos 12.3x48-d70

juniper junos 15.1x49-d140

juniper junos 17.4r2

juniper junos 18.1r2

juniper junos 18.2r1

Vendor Advisories

Bind could be made to crash if it received specially crafted network traffic ...
Jayachandran Palanisamy of Cygate AB reported that BIND, a DNS server implementation, was improperly sequencing cleanup operations, leading in some cases to a use-after-free error, triggering an assertion failure and crash in named. For the oldstable distribution (jessie), this problem has been fixed in version 1:9.9.5.dfsg-9+deb8u15. For the stabl ...
Synopsis: Important: bind security update. Type/Severity: Security Advisory: Important. Topic: An update for bind is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterpri ...
Synopsis: Important: bind security update. Type/Severity: Security Advisory: Important. Topic: An update for bind is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions, ...
Synopsis: Important: bind security update. Type/Severity: Security Advisory: Important. Topic: An update for bind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis: Important: bind security update. Type/Severity: Security Advisory: Important. Topic: An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which ...
Improper fetch cleanup sequencing in the resolver can cause named to crash: A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly ...
A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request ...
A use-after-free flaw leading to denial of service was found in the way BIND before 9.11.2-P1, 9.10.6-P1 and 9.9.11-P1 internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a ...