CVE-2017-3140

Name of the Vulnerable Software and Affected Versions BIND versions 9.9.10 through 9.9.10-S1 BIND versions 9.10.5 through 9.10.5-S1 BIND versions 9.11.0 through 9.11.1

Description The issue arises when named is configured to use Response Policy Zones (RPZ) and an error occurs while processing certain rule types, leading to an endless loop in BIND when handling a query. This can be exploited by attackers to cause a denial of service via a specially crafted query.

Recommendations For BIND versions 9.9.10 through 9.9.10-S1, update to a version that includes the fix for this issue. For BIND versions 9.10.5 through 9.10.5-S1, update to a version that includes the fix for this issue. For BIND versions 9.11.0 through 9.11.1, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the use of Response Policy Zones (RPZ) until a patch is available.