Isc · Bind · CVE-2017-3138
**Name of the Vulnerable Software and Affected Versions**
BIND 9.9.9 through 9.9.9-P7
BIND 9.9.10b1 through 9.9.10rc2
BIND 9.10.4 through 9.10.4-P7
BIND 9.10.5b1 through 9.10.5rc2
BIND 9.11.0 through 9.11.0-P4
BIND 9.11.1b1 through 9.11.1rc2
BIND 9.9.9-S1 through 9.9.9-S9
**Description**
The issue arises from a regression in a recent feature change, allowing attackers to cause a denial of service by sending a null command string over a control channel to the named server process. This can result in the server exiting with a REQUIRE assertion failure.
**Recommendations**
For BIND 9.9.9 through 9.9.9-P7, update to a version outside of this range to resolve the issue.
For BIND 9.9.10b1 through 9.9.10rc2, update to a version outside of this range to resolve the issue.
For BIND 9.10.4 through 9.10.4-P7, update to a version outside of this range to resolve the issue.
For BIND 9.10.5b1 through 9.10.5rc2, update to a version outside of this range to resolve the issue.
For BIND 9.11.0 through 9.11.0-P4, update to a version outside of this range to resolve the issue.
For BIND 9.11.1b1 through 9.11.1rc2, update to a version outside of this range to resolve the issue.
For BIND 9.9.9-S1 through 9.9.9-S9, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting access to the control channel to minimize the risk of exploitation.