CVE-2017-3135
high-risk
Published 2019-01-16
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.
Do I need to act?
34.4% chance of exploitation in next 30 days
EPSS score — higher than 66% of all CVEs
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10
High
NETWORK / LOW complexity
Affected Products (20)
References (16)
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0276.html
Third Party Advisory
http://www.securityfocus.com/bid/96150
Third Party Advisory
http://www.securitytracker.com/id/1037801
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na...
Vendor Advisory
https://kb.isc.org/docs/aa-01453
Third Party Advisory
https://security.gentoo.org/glsa/201708-01
Third Party Advisory
https://security.netapp.com/advisory/ntap-20180926-0005/
Third Party Advisory
https://www.debian.org/security/2017/dsa-3795
65 / 100
high-risk
Severity
26/34 · High
Exploitability
16/34 · Moderate
Exposure
23/34 · High