CVE-2017-3140

Description

If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.

How to fix CVE-2017-3140

To remediate CVE-2017-3140, upgrade the affected package to a fixed version below.

Alpine/bind—upgrade to 9.11.3-r0 or later

Is CVE-2017-3140 being exploited?

Moderate — EPSS is 34.4%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

from 0, < 9.11.3-r0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References (1)

ADVISORYsecurity.alpinelinux.org/vuln/CVE-2017-3140