CVE-2017-3140

Publication date 16 January 2019

Last updated 24 July 2024


Ubuntu priority

Cvss 3 Severity Score

5.9 · Medium

Score breakdown

If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.

Read the notes from the security team

Status

Package Ubuntu Release Status
bind9 17.04 zesty
Not affected
16.10 yakkety
Not affected
16.04 LTS xenial
Not affected
14.04 LTS trusty
Not affected

Notes


tyhicks

Per ISC, "... affecting 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, and 9.10.5-S1" Introduced by change #4377, which is not applied in any Ubuntu releases

Severity score breakdown

Parameter Value
Base score 5.9 · Medium
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H