CVE-2018-5734

EPSS 8.7%
Veröffentlicht 16.01.2019 20:29:00
Zuletzt bearbeitet 21.11.2024 04:09:16
Quelle security-officer@isc.org
Teams Watchlist Login
Unerledigt Login

While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Isc ≫ Bind Version9.10.5 Updates1

Isc ≫ Bind Version9.10.5 Updates4

Isc ≫ Bind Version9.10.6 Updates1

Isc ≫ Bind Version9.10.6 Updates2

Netapp ≫ Data Ontap Edge Version-

Netapp ≫ Solidfire Element Os Management Node Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	8.7%	0.916

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
security-officer@isc.org	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://security.netapp.com/advisory/ntap-20180926-0005/

Third Party Advisory

http://www.securityfocus.com/bid/103189

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1040438

Third Party Advisory

VDB Entry

https://kb.isc.org/docs/aa-01562

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-5734

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-5734

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-5734

EUVD