VDB
CVE-2017-3135
CVE-2017-3135
PUBLISHED
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.
EPSS 45.41% · 97.7th percentile
Risk Scores
EPSS Score
45.41%
97.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | bind9 | 0, 1:9.9.5.dfsg-12.1, 1:9.9.5.dfsg-12.1ubuntu1 |
| Ubuntu:14.04:LTS | bind9 | *, 0, * |
Timeline
- Feb 8, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 13, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-3135 third-party-advisory
- https://kb.isc.org/article/AA-01453 third-party-advisory
- https://ubuntu.com/security/notices/USN-3201-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-3135 third-party-advisory