Unrated severity · NVD Advisory · Published Jan 16, 2019 · Updated Sep 17, 2024
Improper fetch cleanup sequencing in the resolver can cause named to crash
CVE-2017-3145
Description
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.
Affected products
osv-coords, 35 versions:
- pkg:apk/chainguard/bind (no CPE) range: < 0
- pkg:apk/chainguard/bind-dev (no CPE) range: < 0
- pkg:apk/chainguard/bind-dnssec-root (no CPE) range: < 0
- pkg:apk/chainguard/bind-dnssec-tools (no CPE) range: < 0
- pkg:apk/chainguard/bind-doc (no CPE) range: < 0
- pkg:apk/chainguard/bind-libs (no CPE) range: < 0
- pkg:apk/chainguard/bind-plugins (no CPE) range: < 0
- pkg:apk/chainguard/bind-tools (no CPE) range: < 0
- pkg:apk/wolfi/bind (no CPE) range: < 0
- pkg:apk/wolfi/bind-dev (no CPE) range: < 0
- pkg:apk/wolfi/bind-dnssec-root (no CPE) range: < 0
- pkg:apk/wolfi/bind-dnssec-tools (no CPE) range: < 0
- pkg:apk/wolfi/bind-doc (no CPE) range: < 0
- pkg:apk/wolfi/bind-libs (no CPE) range: < 0
- pkg:apk/wolfi/bind-plugins (no CPE) range: < 0
- pkg:apk/wolfi/bind-tools (no CPE) range: < 0
- pkg:rpm/opensuse/bind&distro=openSUSE%20Tumbleweed (no CPE) range: < 9.16.20-1.4
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2 (no CPE) range: < 9.9.9P1-63.7.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 (no CPE) range: < 9.9.9P1-63.7.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 (no CPE) range: < 9.9.6P1-0.51.7.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS (no CPE) range: < 9.9.6P1-0.51.7.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA (no CPE) range: < 9.9.6P1-0.51.7.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (no CPE) range: < 9.9.6P1-0.51.7.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS (no CPE) range: < 9.9.9P1-63.7.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2 (no CPE) range: < 9.9.9P1-63.7.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 (no CPE) range: < 9.9.9P1-63.7.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2 (no CPE) range: < 9.9.9P1-63.7.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (no CPE) range: < 9.9.6P1-0.51.7.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 (no CPE) range: < 9.9.9P1-63.7.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 (no CPE) range: < 9.9.9P1-63.7.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 (no CPE) range: < 9.9.9P1-63.7.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 (no CPE) range: < 9.9.6P1-0.51.7.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2 (no CPE) range: < 9.9.9P1-63.7.1
- pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 (no CPE) range: < 9.9.9P1-63.7.1
- pkg:rpm/suse/bind&distro=SUSE%20OpenStack%20Cloud%206 (no CPE) range: < 9.9.9P1-63.7.1
- ISC/BIND 9 (v5) range: 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1
Patches
No patches discovered yet.
References
- access.redhat.com/errata/RHSA-2018:0101 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2018:0102 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2018:0487 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2018:0488 (mitre, vendor-advisory, x_refsource_REDHAT)
- supportportal.juniper.net/s/article/2018-07-Security-Bulletin-SRX-Series-Vulnerabilities-in-ISC-BIND-named (mitre, vendor-advisory, x_refsource_CONFIRM)
- www.debian.org/security/2018/dsa-4089 (mitre, vendor-advisory, x_refsource_DEBIAN)
- www.securityfocus.com/bid/102716 (mitre, vdb-entry, x_refsource_BID)
- www.securitytracker.com/id/1040195 (mitre, vdb-entry, x_refsource_SECTRACK)
- kb.isc.org/docs/aa-01542 (mitre, x_refsource_CONFIRM)
- lists.debian.org/debian-lts-announce/2018/01/msg00029.html (mitre, mailing-list, x_refsource_MLIST)
- security.netapp.com/advisory/ntap-20180117-0003/ (mitre, x_refsource_CONFIRM)