What is CVE-2017-3145?

CVE-2017-3145 is a high-severity vulnerability in Isc Bind, classified under Use After Free. CVSS score: 7.5/10. Published 2019-01-16.

How severe is CVE-2017-3145?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2017-3145 known to be exploited?

23 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Use After Free in Isc Bind

CVE-2017-3145

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11…

Vulnerability class: Use-After-Free

EPSS: 0.425 (98.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Isc Bind — versions 9.9.3, 9.9.11, 9.10.5
Isc Bind 9 — versions 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1
Juniper Junos — versions 12.1x46-d76, 12.3x48-d70, 15.1x49-d140
Juniper Srx100
Juniper Srx110
Juniper Srx1400
Juniper Srx1500
Juniper Srx210
Juniper Srx220
Juniper Srx240

Weakness classification (CWE)

CWE-416 — Use After Free

Public proof-of-concept exploits

References

security-officer@isc.org (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
security-officer@isc.org (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
security-officer@isc.org (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
security-officer@isc.org (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
security-officer@isc.org (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
security-officer@isc.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK, Broken Link)
security-officer@isc.org (x_refsource_CONFIRM, Vendor Advisory)
security-officer@isc.org (VDB Entry, Third Party Advisory, vdb-entry, Broken Link, x_refsource_BID)
security-officer@isc.org (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
security-officer@isc.org (x_refsource_CONFIRM, Third Party Advisory)

Frequently asked questions

What is CVE-2017-3145?: CVE-2017-3145 is a high-severity vulnerability in Isc Bind, classified under Use After Free. CVSS score: 7.5/10. Published 2019-01-16.
How severe is CVE-2017-3145?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2017-3145 known to be exploited?: 23 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.