Use-after-free error in ISC BIND - CVE-2017-3145
Published: January 17, 2018
Vulnerability identifier: #VU10030
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-3145
CWE-ID: CWE-416
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: ISC
Affected software:
ISC BIND
ISC BIND
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to improper sequencing cleanup operations on upstream recursion fetch contexts. A remote attacker can trigger use-after-free error that may lead to assertion failure and cause the BIND name server (named) process to crash.
Successful exploitation of the vulnerability results in denial of service.
The weakness exists due to improper sequencing cleanup operations on upstream recursion fetch contexts. A remote attacker can trigger use-after-free error that may lead to assertion failure and cause the BIND name server (named) process to crash.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2017-3145
Update to version 9.9.11-P1, 9.10.6-P1, 9.11.2-P1 or 9.12.0rc2.