VDB
ALPINE-CVE-2017-3143
ALPINE-CVE-2017-3143
PUBLISHED
CVSS 5.900000095367432 MEDIUM
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
Risk Scores
CVSS v3.0
5.900000095367432
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.4 | bind | 0, 9.9.5-r0, 9.9.4 |
| Alpine:v3.7 | bind | 9.7.0, 9.7.0, 9.7.1-r0 |
| Alpine:v3.5 | bind | 9.9.5-r0, 0, 9.10.0-r0 |
| Alpine:v3.6 | bind | 9.6.1_p2-r1, 9.6.0_p1-r1, 9.6.0_p1-r0 |
| Alpine:v3.3 | bind | 0, 9.10.0-r0, 9.10.0_p1-r0 |
Timeline
- Jan 16, 2019 CVE Published
- Nov 19, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch