### [CVE-2017-3145](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145)
![](https://img.shields.io/static/v1?label=Product&message=BIND%209&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%209.0.0%20to%209.8.x%2C%209.9.0%20to%209.9.11%2C%209.10.0%20to%209.10.6%2C%209.11.0%20to%209.11.2%2C%209.9.3-S1%20to%209.9.11-S1%2C%209.10.5-S1%20to%209.10.6-S1%2C%209.12.0a1%20to%209.12.0rc1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=While%20this%20bug%20has%20existed%20in%20BIND%20since%209.0.0%2C%20there%20are%20no%20known%20code%20paths%20leading%20to%20it%20in%20ISC%20releases%20prior%20to%20those%20containing%20the%20fix%20for%20CVE-2017-3137.%20%20Thus%20while%20all%20instances%20of%20BIND%20ought%20to%20be%20patched%2C%20only%20ISC%20versions%20%5B9.9.9-P8%20to%209.9.11%2C%209.10.4-P8%20to%209.10.6%2C%209.11.0-P5%20to%209.11.2%2C%209.9.9-S10%20to%209.9.11-S1%2C%209.10.5-S1%20to%209.10.6-S1%2C%20and%209.12.0a1%20to%209.12.0rc1%5D%20acting%20as%20DNSSEC%20validating%20resolvers%20are%20currently%20known%20to%20crash%20due%20to%20this%20bug.%20%20The%20known%20crash%20is%20an%20assertion%20failure%20in%20netaddr.c.&color=brighgreen)

### Description

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ALTinners/bind9
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AndrewLipscomb/bind9
- https://github.com/DButter/whitehat_public
- https://github.com/Dokukin1/Metasploitable
- https://github.com/Iknowmyname/Nmap-Scans-M2
- https://github.com/NikulinMS/13-01-hw
- https://github.com/Zhivarev/13-01-hw
- https://github.com/balabit-deps/balabit-os-7-bind9
- https://github.com/balabit-deps/balabit-os-8-bind9-libs
- https://github.com/balabit-deps/balabit-os-9-bind9-libs
- https://github.com/pexip/os-bind9
- https://github.com/pexip/os-bind9-libs
- https://github.com/psmedley/bind-os2
- https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
- https://github.com/tomoyamachi/gocarts
- https://github.com/zzzWTF/db-13-01