{"containers": {"cna": {"affected": [{"product": "BIND 9", "vendor": "ISC", "versions": [{"status": "affected", "version": "9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1"}]}], "credits": [{"lang": "en", "value": "ISC would like to thank Jayachandran Palanisamy of Cygate AB for making us aware of this vulnerability."}], "datePublic": "2018-01-16T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "While this bug has existed in BIND since 9.0.0, there are no known code paths leading to it in ISC releases prior to those containing the fix for CVE-2017-3137. Thus while all instances of BIND ought to be patched, only ISC versions [9.9.9-P8 to 9.9.11, 9.10.4-P8 to 9.10.6, 9.11.0-P5 to 9.11.2, 9.9.9-S10 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, and 9.12.0a1 to 9.12.0rc1] acting as DNSSEC validating resolvers are currently known to crash due to this bug. The known crash is an assertion failure in netaddr.c.", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2023-06-16T16:28:34.033Z"}, "references": [{"name": "RHSA-2018:0102", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0102"}, {"name": "RHSA-2018:0487", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0487"}, {"name": "DSA-4089", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4089"}, {"name": "RHSA-2018:0488", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0488"}, {"name": "RHSA-2018:0101", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0101"}, {"name": "1040195", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040195"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.isc.org/docs/aa-01542"}, {"name": "102716", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102716"}, {"name": "[debian-lts-announce] 20180121 [SECURITY] [DLA 1255-1] bind9 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20180117-0003/"}, {"tags": ["vendor-advisory", "x_refsource_CONFIRM"], "url": "https://supportportal.juniper.net/s/article/2018-07-Security-Bulletin-SRX-Series-Vulnerabilities-in-ISC-BIND-named"}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.11-P1\n BIND 9 version 9.10.6-P1\n BIND 9 version 9.11.2-P1\n BIND 9 version 9.12.0rc2\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.11-S2\n BIND 9 version 9.10.6-S2"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper fetch cleanup sequencing in the resolver can cause named to crash", "workarounds": [{"lang": "en", "value": "If an operator is experiencing crashes due to this, temporarily disabling DNSSEC validation can be used to avoid the known problematic code path while replacement builds are prepared."}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-officer@isc.org", "DATE_PUBLIC": "2018-01-16T00:00:00.000Z", "ID": "CVE-2017-3145", "STATE": "PUBLIC", "TITLE": "Improper fetch cleanup sequencing in the resolver can cause named to crash"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BIND 9", "version": {"version_data": [{"version_value": "9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1"}]}}]}, "vendor_name": "ISC"}]}}, "credit": [{"lang": "eng", "value": "ISC would like to thank Jayachandran Palanisamy of Cygate AB for making us aware of this vulnerability."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "While this bug has existed in BIND since 9.0.0, there are no known code paths leading to it in ISC releases prior to those containing the fix for CVE-2017-3137. Thus while all instances of BIND ought to be patched, only ISC versions [9.9.9-P8 to 9.9.11, 9.10.4-P8 to 9.10.6, 9.11.0-P5 to 9.11.2, 9.9.9-S10 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, and 9.12.0a1 to 9.12.0rc1] acting as DNSSEC validating resolvers are currently known to crash due to this bug. The known crash is an assertion failure in netaddr.c."}]}]}, "references": {"reference_data": [{"name": "RHSA-2018:0102", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0102"}, {"name": "RHSA-2018:0487", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0487"}, {"name": "DSA-4089", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4089"}, {"name": "RHSA-2018:0488", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0488"}, {"name": "RHSA-2018:0101", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0101"}, {"name": "1040195", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040195"}, {"name": "https://kb.isc.org/docs/aa-01542", "refsource": "CONFIRM", "url": "https://kb.isc.org/docs/aa-01542"}, {"name": "102716", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102716"}, {"name": "[debian-lts-announce] 20180121 [SECURITY] [DLA 1255-1] bind9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html"}, {"name": "https://security.netapp.com/advisory/ntap-20180117-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180117-0003/"}, {"name": "https://supportportal.juniper.net/s/article/2018-07-Security-Bulletin-SRX-Series-Vulnerabilities-in-ISC-BIND-named", "refsource": "CONFIRM", "url": "https://supportportal.juniper.net/s/article/2018-07-Security-Bulletin-SRX-Series-Vulnerabilities-in-ISC-BIND-named"}]}, "solution": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.11-P1\n BIND 9 version 9.10.6-P1\n BIND 9 version 9.11.2-P1\n BIND 9 version 9.12.0rc2\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.11-S2\n BIND 9 version 9.10.6-S2"}], "source": {"discovery": "UNKNOWN"}, "work_around": [{"lang": "en", "value": "If an operator is experiencing crashes due to this, temporarily disabling DNSSEC validation can be used to avoid the known problematic code path while replacement builds are prepared."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:16:28.228Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2018:0102", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0102"}, {"name": "RHSA-2018:0487", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0487"}, {"name": "DSA-4089", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4089"}, {"name": "RHSA-2018:0488", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0488"}, {"name": "RHSA-2018:0101", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0101"}, {"name": "1040195", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040195"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.isc.org/docs/aa-01542"}, {"name": "102716", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102716"}, {"name": "[debian-lts-announce] 20180121 [SECURITY] [DLA 1255-1] bind9 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20180117-0003/"}, {"tags": ["vendor-advisory", "x_refsource_CONFIRM", "x_transferred"], "url": "https://supportportal.juniper.net/s/article/2018-07-Security-Bulletin-SRX-Series-Vulnerabilities-in-ISC-BIND-named"}]}]}, "cveMetadata": {"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2017-3145", "datePublished": "2019-01-16T20:00:00.000Z", "dateReserved": "2016-12-02T00:00:00.000Z", "dateUpdated": "2024-09-17T00:10:46.349Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "matchCriteriaId": "343E9DD3-BBEA-4385-9A8E-0675BE74EC43", "versionEndIncluding": "9.8.8", "versionStartIncluding": "9.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EFFE58B-0BAE-43FF-94BD-F03D0FC31BC4", "versionEndIncluding": "9.9.11", "versionStartIncluding": "9.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD179483-9754-4498-AE38-4CF1EB8F4063", "versionEndIncluding": "9.10.6", "versionStartIncluding": "9.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E5186B7-78C5-486D-97D7-E64B9709ED65", "versionEndIncluding": "9.11.2", "versionStartIncluding": "9.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "matchCriteriaId": "FCC182A9-5989-4A87-A3BA-F1CFAEDC95E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.9.11:s1:*:*:*:*:*:*", "matchCriteriaId": "1B9BC3D9-B2F6-4995-A757-E1BB68BC7F8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*", "matchCriteriaId": "82A6F259-EB06-4F31-9F68-A76F257756DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.10.6:s1:*:*:*:*:*:*", "matchCriteriaId": "9B6C3FDB-B57C-4DF5-AFDB-EEF17F5DAE08", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.12.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "646FE55D-D8DF-483E-8DBE-65FB8A3FC18B", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.12.0:b1:*:*:*:*:*:*", "matchCriteriaId": "1653E806-4F31-4ACA-B51F-5F0067D99208", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.12.0:b2:*:*:*:*:*:*", "matchCriteriaId": "8E5AB236-CBDE-48F3-B6E1-5C6B08996ED7", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F57F84D2-76D0-42B9-BA61-96204F527B7A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AF83BB87-B203-48F9-9D06-48A5FE399050", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "16E6D998-B41D-4B49-9E00-8336D2E40A4A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*", "matchCriteriaId": "6C81647C-9A53-481D-A54C-36770A093F90", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "13E02156-E748-4820-B76F-7074793837E1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:12.1x46-d76:-:*:*:*:*:*:*", "matchCriteriaId": "D6A2BAF7-8D71-474C-9F72-FF5DABC69749", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3x48-d70:-:*:*:*:*:*:*", "matchCriteriaId": "EAB0418C-F53F-4CA9-9AC3-4735A06B19C8", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1x49-d140:-:*:*:*:*:*:*", "matchCriteriaId": "63C3C7CE-3877-462F-ACAE-61E196D6F1B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:17.4r2:-:*:*:*:*:*:*", "matchCriteriaId": "BF8F91A3-DAC7-42E7-8722-17C57115F9AC", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.1r2:-:*:*:*:*:*:*", "matchCriteriaId": "E33DCDB7-DE93-406F-AF78-BD3D9E8D4E2D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.2r1:-:*:*:*:*:*:*", "matchCriteriaId": "B6F40716-E190-4C67-BCF8-831069B95398", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*", "matchCriteriaId": "561C1113-3D59-4DD9-ADA7-3C9ECC4632EC", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*", "matchCriteriaId": "78C6D8A0-92D3-4FD3-BCC1-CC7C87B76317", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "927EAB8B-EC3B-4B12-85B9-5517EBA49A30", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CEBF85C-736A-4E7D-956A-3E8210D4F70B", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD647C15-A686-4C8F-A766-BC29404C0FED", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*", "matchCriteriaId": "45AB1622-1AED-4CD7-98F1-67779CDFC321", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*", "matchCriteriaId": "89276D88-3B8D-4168-A2CD-0920297485F2", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx240h2:-:*:*:*:*:*:*:*", "matchCriteriaId": "E020556B-693F-4963-BA43-3164AB50FA49", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx240m:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB0D31FF-0812-42B8-B25E-03C35EC1B021", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB5AB24B-2B43-43DD-AE10-F758B4B19F2A", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*", "matchCriteriaId": "80F9DC32-5ADF-4430-B1A6-357D0B29DB78", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*", "matchCriteriaId": "8B82D4C4-7A65-409A-926F-33C054DCBFBA", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*", "matchCriteriaId": "746C3882-2A5B-4215-B259-EB1FD60C513D", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE535749-F4CE-4FFA-B23D-BF09C92481E5", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDE64EC0-7E42-43AF-A8FA-1A233BD3E3BC", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*", "matchCriteriaId": "2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx4000:-:*:*:*:*:*:*:*", "matchCriteriaId": "06A03463-6B1D-4DBA-9E89-CAD5E899B98B", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCC5F6F5-4347-49D3-909A-27A3A96D36C9", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*", "matchCriteriaId": "56BA6B86-D3F4-4496-AE46-AC513C6560FA", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "5ABA347C-3EF3-4F75-B4D1-54590A57C2BC", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FDDC897-747F-44DD-9599-7266F9B5B7B1", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*", "matchCriteriaId": "62FC145A-D477-4C86-89E7-F70F52773801", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx550_hm:-:*:*:*:*:*:*:*", "matchCriteriaId": "06685D0E-A075-49A5-9EF4-34F0F795C8C6", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx550m:-:*:*:*:*:*:*:*", "matchCriteriaId": "52F0B735-8C49-4B08-950A-296C9CDE43CA", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*", "matchCriteriaId": "68CA098D-CBE4-4E62-9EC0-43E1B6098710", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*", "matchCriteriaId": "66F474D4-79B6-4525-983C-9A9011BD958B", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*", "matchCriteriaId": "8AA424D4-4DBF-4E8C-96B8-E37741B5403E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1."}, {"lang": "es", "value": "BIND secuenciaba incorrectamente las operaciones de limpieza en contextos fetch de recursi\u00f3n ascendente, lo que conduce en algunos casos a un error de uso de memoria previamente liberada que puede desencadenar un fallo de aserci\u00f3n y un cierre inesperado en named. Afecta a BIND desde la versi\u00f3n 9.0.0 hasta la versi\u00f3n 9.8.x, desde la versi\u00f3n 9.9.0 hasta la versi\u00f3n 9.9.11, desde la versi\u00f3n 9.10.0 hasta la versi\u00f3n 9.10.6, desde la versi\u00f3n 9.11.0 hasta la versi\u00f3n 9.11.2, desde la versi\u00f3n 9.9.3-S1 hasta la versi\u00f3n 09.9.11-S1, desde la versi\u00f3n 9.10.5-S1 hasta la versi\u00f3n 9.10.6-S1 y desde la 9.12.0a1 hasta la 9.12.0rc1."}], "id": "CVE-2017-3145", "lastModified": "2024-11-21T03:24:55.717", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-16T20:29:00.690", "references": [{"source": "security-officer@isc.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102716"}, {"source": "security-officer@isc.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040195"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0101"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0102"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0487"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0488"}, {"source": "security-officer@isc.org", "tags": ["Vendor Advisory"], "url": "https://kb.isc.org/docs/aa-01542"}, {"source": "security-officer@isc.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20180117-0003/"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://supportportal.juniper.net/s/article/2018-07-Security-Bulletin-SRX-Series-Vulnerabilities-in-ISC-BIND-named"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4089"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102716"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040195"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0101"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0102"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0487"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0488"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.isc.org/docs/aa-01542"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20180117-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://supportportal.juniper.net/s/article/2018-07-Security-Bulletin-SRX-Series-Vulnerabilities-in-ISC-BIND-named"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4089"}], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.", "affected_release": [{"advisory": "RHSA-2018:0101", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "bind-32:9.8.2-0.62.rc1.el6_9.5", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2018-01-22T00:00:00Z"}, {"advisory": "RHSA-2018:0487", "cpe": "cpe:/o:redhat:rhel_aus:6.4", "package": "bind-32:9.8.2-0.17.rc1.el6_4.13", "product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0487", "cpe": "cpe:/o:redhat:rhel_aus:6.5", "package": "bind-32:9.8.2-0.23.rc1.el6_5.8", "product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0487", "cpe": "cpe:/o:redhat:rhel_aus:6.6", "package": "bind-32:9.8.2-0.30.rc1.el6_6.10", "product_name": "Red Hat Enterprise Linux 6.6 Advanced Update Support", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0487", "cpe": "cpe:/o:redhat:rhel_tus:6.6", "package": "bind-32:9.8.2-0.30.rc1.el6_6.10", "product_name": "Red Hat Enterprise Linux 6.6 Telco Extended Update Support", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0487", "cpe": "cpe:/o:redhat:rhel_eus:6.7", "package": "bind-32:9.8.2-0.37.rc1.el6_7.12", "product_name": "Red Hat Enterprise Linux 6.7 Extended Update Support", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0102", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "bind-32:9.9.4-51.el7_4.2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-01-22T00:00:00Z"}, {"advisory": "RHSA-2018:0488", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "bind-32:9.9.4-29.el7_2.8", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0488", "cpe": "cpe:/o:redhat:rhel_tus:7.2", "package": "bind-32:9.9.4-29.el7_2.8", "product_name": "Red Hat Enterprise Linux 7.2 Telco Extended Update Support", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0488", "cpe": "cpe:/o:redhat:rhel_e4s:7.2", "package": "bind-32:9.9.4-29.el7_2.8", "product_name": "Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0488", "cpe": "cpe:/o:redhat:rhel_eus:7.3", "package": "bind-32:9.9.4-50.el7_3.3", "product_name": "Red Hat Enterprise Linux 7.3 Extended Update Support", "release_date": "2018-03-12T00:00:00Z"}], "bugzilla": {"description": "bind: Improper fetch cleanup sequencing in the resolver can cause named to crash", "id": "1534812", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534812"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.", "A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request."], "name": "CVE-2017-3145", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-01-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-3145\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3145\nhttps://kb.isc.org/article/AA-01542"], "threat_severity": "Important"}

{}