CVE-2017-3145

HIGH7.5EPSS 8.0%

bind9 - security update

Published: 1/16/2019Modified: 4/28/2026

Description

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.

Affected packages (4)

Alpine/bindfrom 0, < 9.11.2_p1-r0
Debian/bind9from 0, < 1:9.11.2.P1-1
Debian/bind9from 0, < 1:9.8.4.dfsg.P1-6+nmu2+deb7u19
Debian/bind9from 0, < 1:9.9.5.dfsg-9+deb8u15

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2017-3145
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2017-3145