CVE-2017-3136
Severity: 5.9 MEDIUM
EPSS: 49.4% (top 2.21%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 16
Latest update: May 13
Description
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6
Affected Packages (7 packages)
CVEListV5: isc/bind_9: 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8
Also affects: Debian Linux 8.0, Enterprise Linux 7.3, 7.4, 7.6, 7.5
Vulnerability Details (4)
GHSA
GHSA-835v-j5fw-qqvq: A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate (2022-05-13)
CVEList
An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;" (2019-01-16)
OSV
CVE-2017-3136: A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate (2019-01-16)
Vendor Advisories (3)
Community (3)
Bugzilla
CVE-2017-3136 bind: Incorrect error handling causes assertion failure when using DNS64 with "break-dnssec yes;" [fedora-all] (2017-04-13)
Bugzilla
CVE-2017-3136 bind99: bind: Incorrect error handling causes assertion failure when using DNS64 with "break-dnssec yes;" [fedora-all] (2017-04-13)
Bugzilla
CVE-2017-3136 bind: Incorrect error handling causes assertion failure when using DNS64 with "break-dnssec yes;" (2017-04-11)