CVE-2018-5736

An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1.

Published : 2019-01-16 20:29 Updated : 2019-10-03 00:03

3.5
CVSS Score More info
Score 3.5 / 10
3.5
Vendor Product Version URI
Isc Bind 9.12.0 cpe:/a:isc:bind:9.12.0
Isc Bind 9.12.1 cpe:/a:isc:bind:9.12.1
Netapp Cloud Backup - cpe:/a:netapp:cloud_backup:-
Netapp Data Ontap Edge - cpe:/a:netapp:data_ontap_edge:-
  1. Isc (1) Search CVE
    1. Bind (2) Search CVE
      1. 9.12.0
      2. 9.12.1
  2. Netapp (2) Search CVE
    1. Cloud Backup (1) Search CVE
      1. -
    2. Data Ontap Edge (1) Search CVE
      1. -

CWE

ID Name Description Links
CWE-617 Reachable Assertion The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. CVE

History of changes

Date Event
2019-10-03 00:03
2019-02-13 18:39
2019-01-17 11:29
2019-01-16 20:29

New CVE