Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-3145

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.

Published

2019-01-16T20:29:00.690

Last Modified

2024-11-21T03:24:55.717

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-416

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	isc	bind	≤ 9.8.8	Yes
Application	isc	bind	≤ 9.9.11	Yes
Application	isc	bind	≤ 9.10.6	Yes
Application	isc	bind	≤ 9.11.2	Yes
Application	isc	bind	9.9.3	Yes
Application	isc	bind	9.9.11	Yes
Application	isc	bind	9.10.5	Yes
Application	isc	bind	9.10.6	Yes
Application	isc	bind	9.12.0	Yes
Application	isc	bind	9.12.0	Yes
Application	isc	bind	9.12.0	Yes
Application	isc	bind	9.12.0	Yes
Operating System	redhat	enterprise_linux_desktop	6.0	Yes
Operating System	redhat	enterprise_linux_desktop	7.0	Yes
Operating System	redhat	enterprise_linux_server	6.0	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Operating System	redhat	enterprise_linux_server_aus	6.4	Yes
Operating System	redhat	enterprise_linux_server_aus	6.5	Yes
Operating System	redhat	enterprise_linux_server_aus	6.6	Yes
Operating System	redhat	enterprise_linux_server_aus	7.2	Yes
Operating System	redhat	enterprise_linux_server_aus	7.3	Yes
Operating System	redhat	enterprise_linux_server_aus	7.4	Yes
Operating System	redhat	enterprise_linux_server_aus	7.6	Yes
Operating System	redhat	enterprise_linux_server_eus	6.7	Yes
Operating System	redhat	enterprise_linux_server_eus	7.3	Yes
Operating System	redhat	enterprise_linux_server_eus	7.4	Yes
Operating System	redhat	enterprise_linux_server_eus	7.5	Yes
Operating System	redhat	enterprise_linux_server_eus	7.6	Yes
Operating System	redhat	enterprise_linux_server_tus	6.6	Yes
Operating System	redhat	enterprise_linux_server_tus	7.2	Yes
Operating System	redhat	enterprise_linux_server_tus	7.3	Yes
Operating System	redhat	enterprise_linux_server_tus	7.6	Yes
Operating System	redhat	enterprise_linux_workstation	6.0	Yes
Operating System	redhat	enterprise_linux_workstation	7.0	Yes
Operating System	debian	debian_linux	7.0	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	debian	debian_linux	9.0	Yes
Application	netapp	data_ontap_edge	-	Yes
Operating System	juniper	junos	12.1x46-d76	Yes
Operating System	juniper	junos	12.3x48-d70	Yes
Operating System	juniper	junos	15.1x49-d140	Yes
Operating System	juniper	junos	17.4r2	Yes
Operating System	juniper	junos	18.1r2	Yes
Operating System	juniper	junos	18.2r1	Yes
Hardware	juniper	srx100	-	No
Hardware	juniper	srx110	-	No
Hardware	juniper	srx1400	-	No
Hardware	juniper	srx1500	-	No
Hardware	juniper	srx210	-	No
Hardware	juniper	srx220	-	No
Hardware	juniper	srx240	-	No
Hardware	juniper	srx240h2	-	No
Hardware	juniper	srx240m	-	No
Hardware	juniper	srx300	-	No
Hardware	juniper	srx320	-	No
Hardware	juniper	srx340	-	No
Hardware	juniper	srx3400	-	No
Hardware	juniper	srx345	-	No
Hardware	juniper	srx3600	-	No
Hardware	juniper	srx380	-	No
Hardware	juniper	srx4000	-	No
Hardware	juniper	srx4100	-	No
Hardware	juniper	srx4200	-	No
Hardware	juniper	srx4600	-	No
Hardware	juniper	srx5000	-	No
Hardware	juniper	srx5400	-	No
Hardware	juniper	srx550	-	No
Hardware	juniper	srx550_hm	-	No
Hardware	juniper	srx550m	-	No
Hardware	juniper	srx5600	-	No
Hardware	juniper	srx5800	-	No
Hardware	juniper	srx650	-	No

References

http://www.securityfocus.com/bid/102716 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1040195 Broken Link, Third Party Advisory, VDB Entry ([email protected])
https://access.redhat.com/errata/RHSA-2018:0101 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:0102 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:0487 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:0488 Third Party Advisory ([email protected])
https://kb.isc.org/docs/aa-01542 Vendor Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html Mailing List, Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20180117-0003/ Third Party Advisory ([email protected])
https://supportportal.juniper.net/s/article/2018-07-Security-Bulletin-SRX-Series-Vulnerabilities-in-ISC-BIND-named Third Party Advisory ([email protected])
https://www.debian.org/security/2018/dsa-4089 Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/102716 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1040195 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0101 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0102 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0487 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0488 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://kb.isc.org/docs/aa-01542 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20180117-0003/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://supportportal.juniper.net/s/article/2018-07-Security-Bulletin-SRX-Series-Vulnerabilities-in-ISC-BIND-named Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2018/dsa-4089 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)