PT-2018-1822 · Isc+7 · Bind+7
Jayachandran Palanisamy · Published 2018-01-16 · Updated 2024-06-15 · CVE-2017-3145
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions:
BIND versions 9.0.0 through 9.8.x
BIND versions 9.9.0 through 9.9.11
BIND versions 9.10.0 through 9.10.6
BIND versions 9.11.0 through 9.11.2
BIND versions 9.9.3-S1 through 9.9.11-S1
BIND versions 9.10.5-S1 through 9.10.6-S1
BIND versions 9.12.0a1 through 9.12.0rc1
Description:
The issue is related to improper sequencing of cleanup operations on upstream recursion fetch contexts in BIND, leading to a use-after-free error. This can trigger an assertion failure and crash in named. The vulnerability can be exploited by a remote attacker to cause a denial of service.
Recommendations:
For BIND versions 9.0.0 through 9.8.x, update to a version outside of this range to resolve the issue.
For BIND versions 9.9.0 through 9.9.11, update to a version outside of this range to resolve the issue.
For BIND versions 9.10.0 through 9.10.6, update to a version outside of this range to resolve the issue.
For BIND versions 9.11.0 through 9.11.2, update to a version outside of this range to resolve the issue.
For BIND versions 9.9.3-S1 through 9.9.11-S1, update to a version outside of this range to resolve the issue.
For BIND versions 9.10.5-S1 through 9.10.6-S1, update to a version outside of this range to resolve the issue.
For BIND versions 9.12.0a1 through 9.12.0rc1, update to a version outside of this range to resolve the issue.
Fix
DoS
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Bind
Bind Server
Centos
Junos
Red Hat
Suse
Ubuntu