CVE-2017-3137

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.

Published: 2019-01-16 20:29
Updated: 2019-10-09 23:27

CVSS Score: 5.0 / 10

| Vendor | Product | Version | URI |
|---|---|---|---|
| ISC | BIND | 9.9.9 | cpe:/a:isc:bind:9.9.9:p6 |
| ISC | BIND | 9.9.9 | cpe:/a:isc:bind:9.9.9:s8 |
| ISC | BIND | 9.9.10 | cpe:/a:isc:bind:9.9.10:beta1 |
| ISC | BIND | 9.9.10 | cpe:/a:isc:bind:9.9.10:rc1 |
| ISC | BIND | 9.10.4 | cpe:/a:isc:bind:9.10.4:p6 |
| ISC | BIND | 9.10.5 | cpe:/a:isc:bind:9.10.5:b1 |
| ISC | BIND | 9.10.5 | cpe:/a:isc:bind:9.10.5:rc1 |
| ISC | BIND | 9.11.0 | cpe:/a:isc:bind:9.11.0:p3 |
| ISC | BIND | 9.11.1 | cpe:/a:isc:bind:9.11.1:b1 |
| ISC | BIND | 9.11.1 | cpe:/a:isc:bind:9.11.1:rc1 |
| NetApp | Data ONTAP Edge | - | cpe:/a:netapp:data_ontap_edge:- |
| NetApp | Element Software | - | cpe:/a:netapp:element_software:- |
| NetApp | OnCommand Balance | - | cpe:/a:netapp:oncommand_balance:- |
| Debian | Debian Linux | 8.0 | cpe:/o:debian:debian_linux:8.0 |
| Red Hat | Enterprise Linux Desktop | 6.0 | cpe:/o:redhat:enterprise_linux_desktop:6.0 |
| Red Hat | Enterprise Linux Desktop | 7.0 | cpe:/o:redhat:enterprise_linux_desktop:7.0 |
| Red Hat | Enterprise Linux Server | 6.0 | cpe:/o:redhat:enterprise_linux_server:6.0 |
| Red Hat | Enterprise Linux Server | 7.0 | cpe:/o:redhat:enterprise_linux_server:7.0 |
| Red Hat | Enterprise Linux Server AUS | 6.2 | cpe:/o:redhat:enterprise_linux_server_aus:6.2 |
| Red Hat | Enterprise Linux Server AUS | 6.4 | cpe:/o:redhat:enterprise_linux_server_aus:6.4 |
| Red Hat | Enterprise Linux Server AUS | 6.5 | cpe:/o:redhat:enterprise_linux_server_aus:6.5 |
| Red Hat | Enterprise Linux Server AUS | 6.6 | cpe:/o:redhat:enterprise_linux_server_aus:6.6 |
| Red Hat | Enterprise Linux Server AUS | 7.2 | cpe:/o:redhat:enterprise_linux_server_aus:7.2 |
| Red Hat | Enterprise Linux Server AUS | 7.3 | cpe:/o:redhat:enterprise_linux_server_aus:7.3 |
| Red Hat | Enterprise Linux Server AUS | 7.4 | cpe:/o:redhat:enterprise_linux_server_aus:7.4 |
| Red Hat | Enterprise Linux Server AUS | 7.6 | cpe:/o:redhat:enterprise_linux_server_aus:7.6 |
| Red Hat | Enterprise Linux Server EUS | 6.7 | cpe:/o:redhat:enterprise_linux_server_eus:6.7 |
| Red Hat | Enterprise Linux Server EUS | 7.2 | cpe:/o:redhat:enterprise_linux_server_eus:7.2 |
| Red Hat | Enterprise Linux Server EUS | 7.3 | cpe:/o:redhat:enterprise_linux_server_eus:7.3 |
| Red Hat | Enterprise Linux Server EUS | 7.4 | cpe:/o:redhat:enterprise_linux_server_eus:7.4 |
| Red Hat | Enterprise Linux Server EUS | 7.5 | cpe:/o:redhat:enterprise_linux_server_eus:7.5 |
| Red Hat | Enterprise Linux Server EUS | 7.6 | cpe:/o:redhat:enterprise_linux_server_eus:7.6 |
| Red Hat | Enterprise Linux Server TUS | 6.5 | cpe:/o:redhat:enterprise_linux_server_tus:6.5 |
| Red Hat | Enterprise Linux Server TUS | 6.6 | cpe:/o:redhat:enterprise_linux_server_tus:6.6 |
| Red Hat | Enterprise Linux Server TUS | 7.2 | cpe:/o:redhat:enterprise_linux_server_tus:7.2 |
| Red Hat | Enterprise Linux Server TUS | 7.3 | cpe:/o:redhat:enterprise_linux_server_tus:7.3 |
| Red Hat | Enterprise Linux Server TUS | 7.6 | cpe:/o:redhat:enterprise_linux_server_tus:7.6 |
| Red Hat | Enterprise Linux Workstation | 6.0 | cpe:/o:redhat:enterprise_linux_workstation:6.0 |
| Red Hat | Enterprise Linux Workstation | 7.0 | cpe:/o:redhat:enterprise_linux_workstation:7.0 |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-617 | Reachable Assertion | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |

History of changes

Date Event
2019-10-03 00:03
2019-02-11 19:48
2019-01-17 11:29
2019-01-16 20:29 New CVE