CVE-2017-3135
bind9 - security update
CVSS 3.1: 5.9 (MEDIUM)
EPSS: 45.4%
Description
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.
How to fix CVE-2017-3135
To remediate CVE-2017-3135, upgrade the affected package to one of the fixed versions listed below.
- Upgrade to 9.10.4_p6-r0 or later
- Upgrade to 1:9.10.3.dfsg.P4-12 or later
- Upgrade to 1:9.8.4.dfsg.P1-6+nmu2+deb7u15 or later
- Upgrade to 1:9.9.5.dfsg-9+deb8u10 or later
Is CVE-2017-3135 being exploited?
Moderate — EPSS is 45.4%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (4)
- from 0, < 9.10.4_p6-r0
- from 0, < 1:9.10.3.dfsg.P4-12
- from 0, < 1:9.8.4.dfsg.P1-6+nmu2+deb7u15
- from 0, < 1:9.9.5.dfsg-9+deb8u10
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.9 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |