CVE-2017-3145

Source
https://cve.org/CVERecord?id=CVE-2017-3145
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-3145.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-3145
Downstream
Related
Published
2019-01-16T20:29:00.690Z
Modified
2026-07-07T08:49:34.313669585Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "introduced": "7.0"
                },
                {
                    "last_affected": "7.0"
                },
                {
                    "introduced": "8.0"
                },
                {
                    "last_affected": "8.0"
                },
                {
                    "introduced": "9.0"
                },
                {
                    "last_affected": "9.0"
                }
            ],
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "debian:debian_linux"
        },
        {
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "introduced": "9.12.0-alpha1"
                },
                {
                    "last_affected": "9.12.0-alpha1"
                },
                {
                    "introduced": "9.12.0-alpha1"
                },
                {
                    "last_affected": "9.12.0-alpha1"
                }
            ],
            "cpes": [
                "cpe:2.3:a:isc:bind:9.12.0:alpha1:*:*:*:*:*:*"
            ],
            "vendor_product": "isc:bind"
        },
        {
            "cpes": [
                "cpe:2.3:o:juniper:junos:12.1x46-d76:-:*:*:*:*:*:*",
                "cpe:2.3:o:juniper:junos:12.3x48-d70:-:*:*:*:*:*:*",
                "cpe:2.3:o:juniper:junos:15.1x49-d140:-:*:*:*:*:*:*",
                "cpe:2.3:o:juniper:junos:17.4r2:-:*:*:*:*:*:*",
                "cpe:2.3:o:juniper:junos:18.1r2:-:*:*:*:*:*:*",
                "cpe:2.3:o:juniper:junos:18.2r1:-:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "12.1x46-d76-NA"
                },
                {
                    "last_affected": "12.1x46-d76-NA"
                },
                {
                    "introduced": "12.3x48-d70-NA"
                },
                {
                    "last_affected": "12.3x48-d70-NA"
                },
                {
                    "introduced": "15.1x49-d140-NA"
                },
                {
                    "last_affected": "15.1x49-d140-NA"
                },
                {
                    "introduced": "17.4r2-NA"
                },
                {
                    "last_affected": "17.4r2-NA"
                },
                {
                    "introduced": "18.1r2-NA"
                },
                {
                    "last_affected": "18.1r2-NA"
                },
                {
                    "introduced": "18.2r1-NA"
                },
                {
                    "last_affected": "18.2r1-NA"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "juniper:junos"
        },
        {
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "introduced": "6.0"
                },
                {
                    "last_affected": "6.0"
                },
                {
                    "introduced": "7.0"
                },
                {
                    "last_affected": "7.0"
                }
            ],
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "redhat:enterprise_linux_desktop"
        },
        {
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "6.0"
                },
                {
                    "last_affected": "6.0"
                },
                {
                    "introduced": "7.0"
                },
                {
                    "last_affected": "7.0"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "redhat:enterprise_linux_server"
        },
        {
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "6.4"
                },
                {
                    "last_affected": "6.4"
                },
                {
                    "introduced": "6.5"
                },
                {
                    "last_affected": "6.5"
                },
                {
                    "introduced": "6.6"
                },
                {
                    "last_affected": "6.6"
                },
                {
                    "introduced": "7.2"
                },
                {
                    "last_affected": "7.2"
                },
                {
                    "introduced": "7.3"
                },
                {
                    "last_affected": "7.3"
                },
                {
                    "introduced": "7.4"
                },
                {
                    "last_affected": "7.4"
                },
                {
                    "introduced": "7.6"
                },
                {
                    "last_affected": "7.6"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "redhat:enterprise_linux_server_aus"
        },
        {
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "introduced": "6.7"
                },
                {
                    "last_affected": "6.7"
                },
                {
                    "introduced": "7.3"
                },
                {
                    "last_affected": "7.3"
                },
                {
                    "introduced": "7.4"
                },
                {
                    "last_affected": "7.4"
                },
                {
                    "introduced": "7.5"
                },
                {
                    "last_affected": "7.5"
                },
                {
                    "introduced": "7.6"
                },
                {
                    "last_affected": "7.6"
                }
            ],
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"
            ],
            "vendor_product": "redhat:enterprise_linux_server_eus"
        },
        {
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "introduced": "6.6"
                },
                {
                    "last_affected": "6.6"
                },
                {
                    "introduced": "7.2"
                },
                {
                    "last_affected": "7.2"
                },
                {
                    "introduced": "7.3"
                },
                {
                    "last_affected": "7.3"
                },
                {
                    "introduced": "7.6"
                },
                {
                    "last_affected": "7.6"
                }
            ],
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"
            ],
            "vendor_product": "redhat:enterprise_linux_server_tus"
        },
        {
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "6.0"
                },
                {
                    "last_affected": "6.0"
                },
                {
                    "introduced": "7.0"
                },
                {
                    "last_affected": "7.0"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "redhat:enterprise_linux_workstation"
        }
    ]
}
References

Affected packages

Git / github.com/isc-projects/bind9

Affected ranges

Type
GIT
Repo
https://github.com/isc-projects/bind9
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "cpe": [
        "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*",
        "cpe:2.3:a:isc:bind:9.9.11:s1:*:*:*:*:*:*",
        "cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*",
        "cpe:2.3:a:isc:bind:9.10.6:s1:*:*:*:*:*:*",
        "cpe:2.3:a:isc:bind:9.12.0:b1:*:*:*:*:*:*",
        "cpe:2.3:a:isc:bind:9.12.0:b2:*:*:*:*:*:*",
        "cpe:2.3:a:isc:bind:9.12.0:rc1:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "9.4.0"
        },
        {
            "last_affected": "9.8.8"
        },
        {
            "introduced": "9.9.0"
        },
        {
            "last_affected": "9.9.11"
        },
        {
            "introduced": "9.10.0"
        },
        {
            "last_affected": "9.10.6"
        },
        {
            "introduced": "9.11.0"
        },
        {
            "last_affected": "9.11.2"
        },
        {
            "introduced": "9.9.3-s1"
        },
        {
            "last_affected": "9.9.3-s1"
        },
        {
            "introduced": "9.9.11-s1"
        },
        {
            "last_affected": "9.9.11-s1"
        },
        {
            "introduced": "9.10.5-s1"
        },
        {
            "last_affected": "9.10.5-s1"
        },
        {
            "introduced": "9.10.6-s1"
        },
        {
            "last_affected": "9.10.6-s1"
        },
        {
            "introduced": "9.12.0-b1"
        },
        {
            "last_affected": "9.12.0-b1"
        },
        {
            "introduced": "9.12.0-b2"
        },
        {
            "last_affected": "9.12.0-b2"
        },
        {
            "introduced": "9.12.0-rc1"
        },
        {
            "last_affected": "9.12.0-rc1"
        }
    ]
}

Affected versions

9.*
9.10.5-s1
9.10.6-s1
9.12.0-b1
9.12.0-b2
9.12.0-rc1
9.9.11-s1
9.9.3-s1
v9.*
v9.11.0
v9.11.1
v9.11.1b1
v9.11.1rc1
v9.11.1rc2
v9.11.1rc3
v9.11.2
v9.11.2b1
v9.11.2rc1
v9.11.2rc2
v9.9.10
v9.9.10b1
v9.9.10rc1
v9.9.10rc2
v9.9.10rc3
v9.9.11
v9.9.11b1
v9.9.11rc1
v9.9.11rc2
v9.9.3
v9.9.3b1
v9.9.3b2
v9.9.3rc1
v9.9.3rc2
v9.9.4
v9.9.4b1
v9.9.4rc2
v9.9.5
v9.9.5b1
v9.9.5rc1
v9.9.5rc2
v9.9.6
v9.9.6b1
v9.9.6b2
v9.9.6rc1
v9.9.6rc2
v9.9.7
v9.9.7b1
v9.9.7rc1
v9.9.7rc2
v9.9.8
v9.9.8b1
v9.9.8rc1
v9.9.9
v9.9.9b1
v9.9.9b2
v9.9.9rc1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-3145.json"

Git / gitlab.isc.org/isc-projects/bind9

Affected ranges

Type
GIT
Repo
https://gitlab.isc.org/isc-projects/bind9
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "cpe": [
        "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*",
        "cpe:2.3:a:isc:bind:9.9.11:s1:*:*:*:*:*:*",
        "cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*",
        "cpe:2.3:a:isc:bind:9.10.6:s1:*:*:*:*:*:*",
        "cpe:2.3:a:isc:bind:9.12.0:b1:*:*:*:*:*:*",
        "cpe:2.3:a:isc:bind:9.12.0:b2:*:*:*:*:*:*",
        "cpe:2.3:a:isc:bind:9.12.0:rc1:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "9.4.0"
        },
        {
            "last_affected": "9.8.8"
        },
        {
            "introduced": "9.9.0"
        },
        {
            "last_affected": "9.9.11"
        },
        {
            "introduced": "9.10.0"
        },
        {
            "last_affected": "9.10.6"
        },
        {
            "introduced": "9.11.0"
        },
        {
            "last_affected": "9.11.2"
        },
        {
            "introduced": "9.9.3-s1"
        },
        {
            "last_affected": "9.9.3-s1"
        },
        {
            "introduced": "9.9.11-s1"
        },
        {
            "last_affected": "9.9.11-s1"
        },
        {
            "introduced": "9.10.5-s1"
        },
        {
            "last_affected": "9.10.5-s1"
        },
        {
            "introduced": "9.10.6-s1"
        },
        {
            "last_affected": "9.10.6-s1"
        },
        {
            "introduced": "9.12.0-b1"
        },
        {
            "last_affected": "9.12.0-b1"
        },
        {
            "introduced": "9.12.0-b2"
        },
        {
            "last_affected": "9.12.0-b2"
        },
        {
            "introduced": "9.12.0-rc1"
        },
        {
            "last_affected": "9.12.0-rc1"
        }
    ]
}

Affected versions

9.*
9.10.5-s1
9.10.6-s1
9.12.0-b1
9.12.0-b2
9.12.0-rc1
9.9.11-s1
9.9.3-s1
v9.*
v9.11.0
v9.11.1
v9.11.1b1
v9.11.1rc1
v9.11.1rc2
v9.11.1rc3
v9.11.2
v9.11.2b1
v9.11.2rc1
v9.11.2rc2
v9.9.10
v9.9.10b1
v9.9.10rc1
v9.9.10rc2
v9.9.10rc3
v9.9.11
v9.9.11b1
v9.9.11rc1
v9.9.11rc2
v9.9.3
v9.9.3b1
v9.9.3b2
v9.9.3rc1
v9.9.3rc2
v9.9.4
v9.9.4b1
v9.9.4rc2
v9.9.5
v9.9.5b1
v9.9.5rc1
v9.9.5rc2
v9.9.6
v9.9.6b1
v9.9.6b2
v9.9.6rc1
v9.9.6rc2
v9.9.7
v9.9.7b1
v9.9.7rc1
v9.9.7rc2
v9.9.8
v9.9.8b1
v9.9.8rc1
v9.9.9
v9.9.9b1
v9.9.9b2
v9.9.9rc1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-3145.json"