ALPINE-CVE-2017-3135

ALPINE-CVE-2017-3135 PUBLISHED CVSS 5.900000095367432 MEDIUM

Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.

Risk Scores

CVSS v3.0

5.900000095367432

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.4	bind	9.9.1-r0, *, 0
Alpine:v3.5	bind	, , *
Alpine:v3.3	bind	9.7.2_p1-r0, 0, 9.10.0-r0
Alpine:v3.2	bind	0, 9.9.5-r0, 9.9.4

Timeline

Jan 16, 2019 CVE Published
Nov 19, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2017-3135 advisory

Open in Interactive Console →