CVE-2017-3140
Published: 16 January 2019
If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.
Notes
Author | Note |
---|---|
tyhicks | Per ISC, "... affecting 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, and 9.10.5-S1" Introduced by change #4377, which is not applied in any Ubuntu releases |
Priority
CVSS 3 base score: 5.9
Status
Package | Release | Status |
---|---|---|
bind9 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
precise |
Not vulnerable
(1:9.8.1.dfsg.P1-4ubuntu0.22)
|
|
trusty |
Not vulnerable
(1:9.9.5.dfsg-3ubuntu0.14)
|
|
xenial |
Not vulnerable
(1:9.10.3.dfsg.P4-8ubuntu1.6)
|
|
yakkety |
Not vulnerable
(1:9.10.3.dfsg.P4-10.1ubuntu1.6)
|
|
zesty |
Not vulnerable
(1:9.10.3.dfsg.P4-10.1ubuntu5)
|