CVE-2017-3140 An error processing RPZ rules can cause named to loop endlessly after handling a query

🗓️ 16 Jan 2019 20:00:00Reported by iscType

An error in RPZ rules processing can cause BIND to endlessly loop when handling a quer

Reporter	Title	Published	Views	Family All 48
ALT Linux	Security fix for the ALT Linux 8 package bind version 9.10.5.P3-alt1	11 Jul 201700:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 9 package bind version 9.10.5.P3-alt1	11 Jul 201700:00	–	altlinux
AlpineLinux	CVE-2017-3140	16 Jan 201920:00	–	alpinelinux
ArchLinux	[ASA-201706-18] bind: denial of service	15 Jun 201700:00	–	archlinux
Tenable Nessus	ISC BIND 9.x.x < 9.9.10-P1 / 9.10.x < 9.10.5-P1 / 9.11.x < 9.11.1-P1 Multiple Vulnerabilities	22 Jun 201700:00	–	nessus
Tenable Nessus	Fedora 24 : 32:bind / bind-dyndb-ldap / dnsperf (2017-001f135337)	13 Jul 201700:00	–	nessus
Tenable Nessus	Fedora 25 : 12:dhcp / bind99 (2017-167cfa7b09)	10 Jul 201700:00	–	nessus
Tenable Nessus	Fedora 26 : 32:bind (2017-43613b15ff)	17 Jul 201700:00	–	nessus
Tenable Nessus	Fedora 26 : 12:dhcp / bind99 (2017-87f1f8c798)	17 Jul 201700:00	–	nessus
Tenable Nessus	Fedora 25 : 32:bind / bind-dyndb-ldap / dnsperf (2017-d04f7ddd73)	6 Jul 201700:00	–	nessus

[
  {
    "product": "BIND 9",
    "vendor": "ISC",
    "versions": [
      {
        "status": "affected",
        "version": "9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1"
      }
    ]
  }
]

Source	Link
h20566	www.h20566.www2.hpe.com/hpsc/doc/public/display
kb	www.kb.isc.org/docs/aa-01495
securitytracker	www.securitytracker.com/id/1038692
securityfocus	www.securityfocus.com/bid/99088
security	www.security.netapp.com/advisory/ntap-20180926-0001/
security	www.security.gentoo.org/glsa/201708-01

17 Jan 2019 10:57Current

6.3Medium risk

Vulners AI Score6.3

CVSS 33.7

EPSS0.34362