CVE-2017-3135
BIND 9.8.8-9.11.1b1 DoS via DNS64 and RPZ Query Processing
Severity: HIGH
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.
References (8)
https://security.gentoo.org/glsa/201708-01 [Third Party Advisory; vendor-advisory; x_refsource_gentoo]
http://rhn.redhat.com/errata/RHSA-2017-0276.html [Third Party Advisory; vendor-advisory; x_refsource_redhat]
https://security.netapp.com/advisory/ntap-20180926-0005/ [Third Party Advisory; x_refsource_confirm]
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us [Third Party Advisory; x_refsource_confirm]
http://www.securityfocus.com/bid/96150 [Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid]
http://www.securitytracker.com/id/1037801 [Third Party Advisory, VDB Entry; vdb-entry; x_refsource_sectrack]
https://www.debian.org/security/2017/dsa-3795 [Third Party Advisory; vendor-advisory; x_refsource_debian]
https://kb.isc.org/docs/aa-01453 [Vendor Advisory; x_refsource_confirm]
Scores
CVSS v3: 7.5
EPSS: 0.3441
EPSS Percentile: 97.1%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-476
Status: published
Products (25)
debian/debian_linux 8.0
debian/debian_linux 9.0
isc/bind 9.9.3 (2 CPE variants)
isc/bind 9.9.8
isc/bind 9.9.9 p5 (2 CPE variants)
isc/bind 9.9.10 beta1
isc/bind 9.10.0
isc/bind 9.10.4 p1 (5 CPE variants)
isc/bind 9.10.5 beta1
isc/bind 9.11.0 (3 CPE variants)
... and 15 more
Published: Jan 16, 2019
Tracked Since: Feb 18, 2026