Vulnerability Details : CVE-2017-3136
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1 -> 9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1 -> 9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1 -> 9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.
Vulnerability category: Denial of service
Threat overview for CVE-2017-3136
Top open port discovered on systems with this issue: 53
IPs affected by CVE-2017-3136: 273,807
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2017-3136
Probability of exploitation activity in the next 30 days: 8.54%
Percentile (the proportion of vulnerabilities scored at or below this one): ~94%
CVSS scores for CVE-2017-3136
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
| 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST |
| 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 | NIST |
| 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 | Internet Systems Consortium (ISC) |
CWE ids for CVE-2017-3136
- The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-3136
- HPESBUX03747 rev.1 - HP-UX running BIND, Remote Denial of Service (Third Party Advisory): https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us
- [security-announce] openSUSE-SU-2020:1701-1: moderate: Security update f: http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
- BIND DNS64 State Error Lets Remote Users Cause the Target Service to Crash - SecurityTracker (Third Party Advisory; VDB Entry): http://www.securitytracker.com/id/1038259
- CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;" - Security Advisories (Vendor Advisory): https://kb.isc.org/docs/aa-01465
- April 2017 ISC BIND Vulnerabilities in NetApp Products | NetApp Product Security (Third Party Advisory): https://security.netapp.com/advisory/ntap-20180802-0002/
- [security-announce] openSUSE-SU-2020:1699-1: moderate: Security update f: http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
- Debian -- Security Information -- DSA-3854-1 bind9 (Third Party Advisory): https://www.debian.org/security/2017/dsa-3854
- RHSA-2017:1105 - Security Advisory - Red Hat Customer Portal (Third Party Advisory): https://access.redhat.com/errata/RHSA-2017:1105
- BIND: Multiple vulnerabilities (GLSA 201708-01) - Gentoo security (Third Party Advisory): https://security.gentoo.org/glsa/201708-01
- ISC BIND CVE-2017-3136 Remote Denial of Service Vulnerability (Third Party Advisory; VDB Entry): http://www.securityfocus.com/bid/97653
- RHSA-2017:1095 - Security Advisory - Red Hat Customer Portal (Third Party Advisory): https://access.redhat.com/errata/RHSA-2017:1095
Products affected by CVE-2017-3136
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:p3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:p4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:p5:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:p6:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*