CVE-2018-5737

A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1.

Published : 2019-01-16 20:29 Updated : 2019-10-09 23:41

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Isc Bind 9.12.0 cpe:/a:isc:bind:9.12.0
Isc Bind 9.12.1 cpe:/a:isc:bind:9.12.1
Netapp Cloud Backup - cpe:/a:netapp:cloud_backup:-
Netapp Data Ontap Edge - cpe:/a:netapp:data_ontap_edge:-
  1. Isc (1) Search CVE
    1. Bind (2) Search CVE
      1. 9.12.0
      2. 9.12.1
  2. Netapp (2) Search CVE
    1. Data Ontap Edge (1) Search CVE
      1. -
    2. Cloud Backup (1) Search CVE
      1. -

CWE

ID Name Description Links
CWE-617 Reachable Assertion The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. CVE

History of changes

Date Event
2019-10-03 00:03
2019-02-13 18:41
2019-01-17 11:29
2019-01-16 20:29

New CVE