CVE-2017-3136

Name of the Vulnerable Software and Affected Versions BIND versions 9.8.0 through 9.8.8-P1 BIND versions 9.9.0 through 9.9.9-P6 BIND versions 9.9.10b1 through 9.9.10rc1 BIND versions 9.10.0 through 9.10.4-P6 BIND versions 9.10.5b1 through 9.10.5rc1 BIND versions 9.11.0 through 9.11.0-P3 BIND versions 9.11.1b1 through 9.11.1rc1 BIND versions 9.9.3-S1 through 9.9.9-S8

Description A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met.

Recommendations For BIND versions 9.8.0 through 9.8.8-P1, update to a version outside of this range to resolve the issue. For BIND versions 9.9.0 through 9.9.9-P6, update to a version outside of this range to resolve the issue. For BIND versions 9.9.10b1 through 9.9.10rc1, update to a version outside of this range to resolve the issue. For BIND versions 9.10.0 through 9.10.4-P6, update to a version outside of this range to resolve the issue. For BIND versions 9.10.5b1 through 9.10.5rc1, update to a version outside of this range to resolve the issue. For BIND versions 9.11.0 through 9.11.0-P3, update to a version outside of this range to resolve the issue. For BIND versions 9.11.1b1 through 9.11.1rc1, update to a version outside of this range to resolve the issue. For BIND versions 9.9.3-S1 through 9.9.9-S8, update to a version outside of this range to resolve the issue. As a temporary workaround, consider disabling the DNS64 feature until a patch is available.