CVE-2017-3140

Published: 16 January 2019

If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.

Priority

Medium

CVSS 3 base score: 5.9

Status

Package Release Status
bind9
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(1:9.10.3.dfsg.P4-8ubuntu1.6)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(1:9.9.5.dfsg-3ubuntu0.14)

Notes

AuthorNote
tyhicks
Per ISC, "... affecting 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1,
and 9.10.5-S1"
Introduced by change #4377, which is not applied in any Ubuntu
releases

References