Lucene search

K
nvd[email protected]NVD:CVE-2017-3135
HistoryJan 16, 2019 - 8:29 p.m.

CVE-2017-3135

2019-01-1620:29:00
CWE-476
web.nvd.nist.gov
7
dns64
rpz
query processing
bind 9.

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.133

Percentile

95.7%

Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.

Affected configurations

Nvd
Node
iscbindMatch9.9.3
OR
iscbindMatch9.9.3s1
OR
iscbindMatch9.9.8
OR
iscbindMatch9.9.9p5
OR
iscbindMatch9.9.9s7
OR
iscbindMatch9.9.10beta1
OR
iscbindMatch9.10.0
OR
iscbindMatch9.10.4p1
OR
iscbindMatch9.10.4p2
OR
iscbindMatch9.10.4p3
OR
iscbindMatch9.10.4p4
OR
iscbindMatch9.10.4p5
OR
iscbindMatch9.10.5beta1
OR
iscbindMatch9.11.0
OR
iscbindMatch9.11.0p1
OR
iscbindMatch9.11.0p2
OR
iscbindMatch9.11.1beta1
Node
redhatenterprise_linux_desktopMatch7.0
OR
redhatenterprise_linux_serverMatch7.0
OR
redhatenterprise_linux_server_ausMatch7.3
OR
redhatenterprise_linux_server_ausMatch7.4
OR
redhatenterprise_linux_server_ausMatch7.6
OR
redhatenterprise_linux_server_eusMatch7.3
OR
redhatenterprise_linux_server_eusMatch7.4
OR
redhatenterprise_linux_server_eusMatch7.5
OR
redhatenterprise_linux_server_eusMatch7.6
OR
redhatenterprise_linux_server_tusMatch7.3
OR
redhatenterprise_linux_server_tusMatch7.6
OR
redhatenterprise_linux_workstationMatch7.0
Node
netappdata_ontap_edgeMatch-
OR
netappelement_software_management_nodeMatch-
Node
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0
VendorProductVersionCPE
iscbind9.9.3cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*
iscbind9.9.3cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*
iscbind9.9.8cpe:2.3:a:isc:bind:9.9.8:*:*:*:*:*:*:*
iscbind9.9.9cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*
iscbind9.9.9cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*
iscbind9.9.10cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*
iscbind9.10.0cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*
iscbind9.10.4cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*
iscbind9.10.4cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*
iscbind9.10.4cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*
Rows per page:
1-10 of 331

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.133

Percentile

95.7%