[3.4] bind: Improper fetch cleanup sequencing in the resolver can cause named to crash (CVE-2017-3145)| ID: oval:org.secpod.oval:def:1800901 | Date: (C)2018-03-30 (M)2023-06-28 |
| Class: PATCH | Family: unix |
Improper sequencing during cleanup operations of upstream recursion fetch contexts in BIND can lead to a use-after-free error, triggering an assertion failure and crash in named. Affected BIND versions acting as DNSSEC validating resolvers are currently known to crash with an assertion failure in netaddr.c due to this bug. Affected versions: 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1 Fixed In: bind 9.9.11-P1, bind 9.10.6-P1, bind 9.10.6-S2, bind 9.11.2-P1, bind 9.9.11-S2, bind 9.12.0rc2
| Platform: |
| Alpine Linux 3.4 |
