#VU7227 Assertion failure in ISC BIND - CVE-2017-3137
Published: June 28, 2017 / Updated: November 28, 2018
Vulnerability identifier: #VU7227
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-3137
CWE-ID: CWE-617
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
ISC BIND
ISC BIND
Software vendor:
ISC
ISC
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation when processing query response containing CNAME or DNAME resource records in an unusual order in BIND. A remote attacker can trigger assertion failure and crash BIND application.
The vulnerability exists due to improper input validation when processing query response containing CNAME or DNAME resource records in an unusual order in BIND. A remote attacker can trigger assertion failure and crash BIND application.
Remediation
The vulnerability has been addressed in the versions 9.9.9-P8, 9.10.4-P8, 9.11.0-P5.