CVE-2017-3145

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.

Published: Jan 16, 2019
Updated: Apr 13, 2023
CVE: CVE-2017-3145
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
isc / bind	9.9.3-s1	9.9.3-s1.x
isc / bind	9.10.5-s1	9.10.5-s1.x
isc / bind	9.4.0	9.8.8.x
isc / bind	9.12.0-b1	9.12.0-b1.x
isc / bind	9.12.0-b2	9.12.0-b2.x
isc / bind	9.12.0-rc1	9.12.0-rc1.x
isc / bind	9.12.0-alpha1	9.12.0-alpha1.x
isc / bind	9.10.6-s1	9.10.6-s1.x
isc / bind	9.9.11-s1	9.9.11-s1.x
isc / bind	9.11.0	9.11.2.x
isc / bind	9.10.0	9.10.6.x
isc / bind	9.9.0	9.9.11.x
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_server_aus	7.2	7.2.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_server_tus	7.2	7.2.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / enterprise_linux_server_aus	6.6	6.6.x
redhat / enterprise_linux_server_aus	6.5	6.5.x
redhat / enterprise_linux_server_aus	6.4	6.4.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
redhat / enterprise_linux_server_tus	7.3	7.3.x
redhat / enterprise_linux_server_aus	7.3	7.3.x
redhat / enterprise_linux_server_aus	7.4	7.4.x
redhat / enterprise_linux_server_eus	7.3	7.3.x
redhat / enterprise_linux_server_eus	7.4	7.4.x
redhat / enterprise_linux_server_eus	7.5	7.5.x
redhat / enterprise_linux_server_eus	6.7	6.7.x
redhat / enterprise_linux_server_tus	7.6	7.6.x
redhat / enterprise_linux_server_eus	7.6	7.6.x
redhat / enterprise_linux_server_aus	7.6	7.6.x
redhat / enterprise_linux_server_tus	6.6	6.6.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	7.0	7.0.x
debian / debian_linux	9.0	9.0.x
juniper / junos	12.1x46-d76	12.1x46-d76.x
juniper / junos	12.3x48-d70	12.3x48-d70.x
juniper / junos	15.1x49-d140	15.1x49-d140.x
juniper / junos	17.4r2	17.4r2.x
juniper / junos	18.1r2	18.1r2.x
juniper / junos	18.2r1	18.2r1.x

Vulnerability Database

289,689

CVE-2017-3145