CVE-2017-3140

NameCVE-2017-3140
DescriptionIf named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bind9 (PTS)jessie, jessie (lts)1:9.9.5.dfsg-9+deb8u31fixed
stretch (security)1:9.10.3.dfsg.P4-12.3+deb9u12fixed
stretch (lts), stretch1:9.10.3.dfsg.P4-12.3+deb9u16fixed
buster, buster (lts)1:9.11.5.P4+dfsg-5.1+deb10u13fixed
buster (security)1:9.11.5.P4+dfsg-5.1+deb10u11fixed
bullseye1:9.16.50-1~deb11u2fixed
bullseye (security)1:9.16.50-1~deb11u1fixed
bookworm (security), bookworm1:9.18.28-1~deb12u2fixed
sid, trixie1:9.20.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bind9source(unstable)(not affected)

Notes

- bind9 <not-affected> (Upstream change #4377 not backported/included)
https://kb.isc.org/article/AA-01495
Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=2648c49be78568ba9f4123d22122f2a649e2e1b7
Introduced by: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=aabcb1fde0ca255ff30f0a5c10cbd39f798cc5b7
CVE-2017-3140 is introduced by the upstream change #4377
https://www.openwall.com/lists/oss-security/2017/06/14/4

Search for package or bug name: Reporting problems