CVE-2017-3137

2019-01-1620:29:00

Google

osv.dev

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.191 Low

EPSS

Percentile

96.2%

JSON

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.

CPENameOperatorVersion
bindeq9.9.4-r1
bindeq9.10.1-r1
bindeq9.6.1_p1-r1
bindeq9.7.2_p2-r1
bindeq9.10.2-r1
bindeq9.6.0_p1-r1
bindeq9.8.0_p4-r1
bindeq9.9.5-r1
bindeq9.7.0_p1-r1
bindeq9.10.2_p4-r1

Name	Operator	Version
bind	eq	9.9.4-r1
bind	eq	9.10.1-r1
bind	eq	9.6.1_p1-r1
bind	eq	9.7.2_p2-r1
bind	eq	9.10.2-r1
bind	eq	9.6.0_p1-r1
bind	eq	9.8.0_p4-r1
bind	eq	9.9.5-r1
bind	eq	9.7.0_p1-r1
bind	eq	9.10.2_p4-r1