CVE-2017-3135

Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.

Published : 2019-01-16 20:29 Updated : 2019-10-09 23:27

4.3
CVSS Score More info
Score 4.3 / 10
4.3
Vendor Product Version URI
Isc Bind 9.9.3 cpe:/a:isc:bind:9.9.3
Isc Bind 9.9.3 cpe:/a:isc:bind:9.9.3:s1
Isc Bind 9.9.8 cpe:/a:isc:bind:9.9.8
Isc Bind 9.9.9 cpe:/a:isc:bind:9.9.9:p5
Isc Bind 9.9.9 cpe:/a:isc:bind:9.9.9:s7
Isc Bind 9.9.10 cpe:/a:isc:bind:9.9.10:beta1
Isc Bind 9.10.0 cpe:/a:isc:bind:9.10.0
Isc Bind 9.10.4 cpe:/a:isc:bind:9.10.4:p1
Isc Bind 9.10.4 cpe:/a:isc:bind:9.10.4:p2
Isc Bind 9.10.4 cpe:/a:isc:bind:9.10.4:p3
Isc Bind 9.10.4 cpe:/a:isc:bind:9.10.4:p4
Isc Bind 9.10.4 cpe:/a:isc:bind:9.10.4:p5
Isc Bind 9.10.5 cpe:/a:isc:bind:9.10.5:beta1
Isc Bind 9.11.0 cpe:/a:isc:bind:9.11.0
Isc Bind 9.11.0 cpe:/a:isc:bind:9.11.0:p1
Isc Bind 9.11.0 cpe:/a:isc:bind:9.11.0:p2
Isc Bind 9.11.1 cpe:/a:isc:bind:9.11.1:beta1
Netapp Data Ontap Edge - cpe:/a:netapp:data_ontap_edge:-
Netapp Element Software Management Node - cpe:/a:netapp:element_software_management_node:-
Debian Debian Linux 8.0 cpe:/o:debian:debian_linux:8.0
Debian Debian Linux 9.0 cpe:/o:debian:debian_linux:9.0
Redhat Enterprise Linux Desktop 7.0 cpe:/o:redhat:enterprise_linux_desktop:7.0
Redhat Enterprise Linux Server 7.0 cpe:/o:redhat:enterprise_linux_server:7.0
Redhat Enterprise Linux Server Aus 7.3 cpe:/o:redhat:enterprise_linux_server_aus:7.3
Redhat Enterprise Linux Server Aus 7.4 cpe:/o:redhat:enterprise_linux_server_aus:7.4
Redhat Enterprise Linux Server Aus 7.6 cpe:/o:redhat:enterprise_linux_server_aus:7.6
Redhat Enterprise Linux Server Eus 7.3 cpe:/o:redhat:enterprise_linux_server_eus:7.3
Redhat Enterprise Linux Server Eus 7.4 cpe:/o:redhat:enterprise_linux_server_eus:7.4
Redhat Enterprise Linux Server Eus 7.5 cpe:/o:redhat:enterprise_linux_server_eus:7.5
Redhat Enterprise Linux Server Eus 7.6 cpe:/o:redhat:enterprise_linux_server_eus:7.6
Redhat Enterprise Linux Server Tus 7.3 cpe:/o:redhat:enterprise_linux_server_tus:7.3
Redhat Enterprise Linux Server Tus 7.6 cpe:/o:redhat:enterprise_linux_server_tus:7.6
Redhat Enterprise Linux Workstation 7.0 cpe:/o:redhat:enterprise_linux_workstation:7.0
  1. Isc (1) Search CVE
    1. Bind (9) Search CVE
      1. 9.9.3
      2. 9.9.8
      3. 9.9.9
      4. 9.9.10
      5. 9.10.0
      6. 9.10.4
      7. 9.10.5
      8. 9.11.0
      9. 9.11.1
  2. Netapp (2) Search CVE
    1. Element Software Management Node (1) Search CVE
      1. -
    2. Data Ontap Edge (1) Search CVE
      1. -
  3. Redhat (6) Search CVE
    1. Enterprise Linux Server Tus (2) Search CVE
      1. 7.3
      2. 7.6
    2. Enterprise Linux Server Aus (3) Search CVE
      1. 7.3
      2. 7.4
      3. 7.6
    3. Enterprise Linux Server (1) Search CVE
      1. 7.0
    4. Enterprise Linux Desktop (1) Search CVE
      1. 7.0
    5. Enterprise Linux Server Eus (4) Search CVE
      1. 7.3
      2. 7.4
      3. 7.5
      4. 7.6
    6. Enterprise Linux Workstation (1) Search CVE
      1. 7.0
  4. Debian (1) Search CVE
    1. Debian Linux (2) Search CVE
      1. 8.0
      2. 9.0

CWE

ID Name Description Links
CWE-476 NULL Pointer Dereference A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. CVE

History of changes

Date Event
2019-02-08 19:48
2019-01-17 11:29
2019-01-16 20:29

New CVE