cve/2017/CVE-2017-3137.md

### [CVE-2017-3137](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137)
![](https://img.shields.io/static/v1?label=Product&message=BIND%209&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=A%20server%20which%20is%20performing%20recursion%20can%20be%20forced%20to%20exit%20with%20an%20assertion%20failure%20if%20it%20can%20be%20caused%20to%20receive%20a%20response%20containing%20CNAME%20or%20DNAME%20resource%20records%20with%20certain%20ordering.%20%20An%20attacker%20can%20cause%20a%20denial%20of%20service%20by%20exploiting%20this%20condition.%20%20Recursive%20resolvers%20are%20at%20highest%20risk%20but%20authoritative%20servers%20are%20theoretically%20vulnerable%20if%20they%20perform%20recursion.&color=brighgreen)

### Description

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ALTinners/bind9
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AndrewLipscomb/bind9
- https://github.com/balabit-deps/balabit-os-7-bind9
- https://github.com/balabit-deps/balabit-os-8-bind9-libs
- https://github.com/balabit-deps/balabit-os-9-bind9-libs
- https://github.com/pexip/os-bind9
- https://github.com/pexip/os-bind9-libs
- https://github.com/psmedley/bind-os2