CVE-2017-3145

Name: CVE-2017-3145
Creator: NVD / NIST
Published: 2019-01-16T20:29:00.69+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 27.93%

Last modified Jun 17, 2026

CVE-2017-3145 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.. EPSS estimates a 27.93% chance of exploitation in the next 30 days.

Description

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

27.93%

97.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-416

Affected Software

Vendor	Product	Versions	Update
Isc	Bind	>= 9.4.0, <= 9.8.8	—
Isc	Bind	>= 9.9.0, <= 9.9.11	—
Isc	Bind	>= 9.10.0, <= 9.10.6	—
Isc	Bind	>= 9.11.0, <= 9.11.2	—
Isc	Bind	9.9.3	S1
Isc	Bind	9.9.11	S1
Isc	Bind	9.10.5	S1
Isc	Bind	9.10.6	S1
Isc	Bind	9.12.0	Alpha1
Redhat	Enterprise Linux Desktop	6.0	—
Redhat	Enterprise Linux Desktop	7.0	—
Redhat	Enterprise Linux Server	6.0	—
Redhat	Enterprise Linux Server	7.0	—
Redhat	Enterprise Linux Server Aus	6.4	—
Redhat	Enterprise Linux Server Aus	6.5	—
Redhat	Enterprise Linux Server Aus	6.6	—
Redhat	Enterprise Linux Server Aus	7.2	—
Redhat	Enterprise Linux Server Aus	7.3	—
Redhat	Enterprise Linux Server Aus	7.4	—
Redhat	Enterprise Linux Server Aus	7.6	—
Redhat	Enterprise Linux Server Eus	6.7	—
Redhat	Enterprise Linux Server Eus	7.3	—
Redhat	Enterprise Linux Server Eus	7.4	—
Redhat	Enterprise Linux Server Eus	7.5	—
Redhat	Enterprise Linux Server Eus	7.6	—
Redhat	Enterprise Linux Server Tus	6.6	—
Redhat	Enterprise Linux Server Tus	7.2	—
Redhat	Enterprise Linux Server Tus	7.3	—
Redhat	Enterprise Linux Server Tus	7.6	—
Redhat	Enterprise Linux Workstation	6.0	—
Redhat	Enterprise Linux Workstation	7.0	—
Debian	Debian Linux	7.0	—
Debian	Debian Linux	8.0	—
Debian	Debian Linux	9.0	—
Netapp	Data Ontap Edge	All versions	—
Juniper	Junos	12.1x46-d76	—
Juniper	Junos	12.3x48-d70	—
Juniper	Junos	15.1x49-d140	—
Juniper	Junos	17.4r2	—
Juniper	Junos	18.1r2	—
Juniper	Junos	18.2r1	—

References

http://www.securityfocus.com/bid/102716Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1040195Broken Link, Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHSA-2018:0101Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0102Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0487Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0488Third Party Advisory
https://kb.isc.org/docs/aa-01542Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/01/msg00029.htmlMailing List, Third Party Advisory
https://security.netapp.com/advisory/ntap-20180117-0003/Third Party Advisory
https://supportportal.juniper.net/s/article/2018-07-Security-Bulletin-SRX-Series-Vulnerabilities-in-ISC-BIND-namedThird Party Advisory
https://www.debian.org/security/2018/dsa-4089Third Party Advisory
http://www.securityfocus.com/bid/102716Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1040195Broken Link, Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHSA-2018:0101Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0102Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0487Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0488Third Party Advisory
https://kb.isc.org/docs/aa-01542Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/01/msg00029.htmlMailing List, Third Party Advisory
https://security.netapp.com/advisory/ntap-20180117-0003/Third Party Advisory
https://supportportal.juniper.net/s/article/2018-07-Security-Bulletin-SRX-Series-Vulnerabilities-in-ISC-BIND-namedThird Party Advisory
https://www.debian.org/security/2018/dsa-4089Third Party Advisory

Timeline

Published: Jan 16, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-3145?

How severe is CVE-2017-3145?

CVE-2017-3145 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 27.93% probability of exploitation in the next 30 days.

How do I fix CVE-2017-3145?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-3145?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST