How severe is CVE-2017-3138?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2017-3138?

This is classified as CWE-617, which is a common weakness in software security.

CVE-2017-3138 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9.

Related Vulnerabilities

CVE-2018-20217

MEDIUM

CVSS:5.3(Medium)

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4...

CWE-6172018

CVE-2018-5736

MEDIUM

CVSS:5.3(Medium)

An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. T...

CWE-6172018

CVE-2019-6468

MEDIUM

CVSS:5.3(Medium)

In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling n...

CWE-6172019

CVE-2021-28090

MEDIUM

CVSS:5.3(Medium)

Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.

CWE-6172021

CVE-2023-33199

MEDIUM

CVSS:5.3(Medium)

Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the `intoto/v0.0.2` type can cause a pani...

CWE-6172023

CVE-2023-37002

MEDIUM

CVSS:5.3(Medium)

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Modification Indication` message ...

CWE-6172023