CVE-2018-5734

EPSS 8.7%
Published 16.01.2019 20:29:00
Last modified 21.11.2024 04:09:16
Source security-officer@isc.org
Teams watchlist Login
Open Login

While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2.

Affected products Warnungen 0 Metrics 4 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Isc ≫ Bind Version9.10.5 Updates1

Isc ≫ Bind Version9.10.5 Updates4

Isc ≫ Bind Version9.10.6 Updates1

Isc ≫ Bind Version9.10.6 Updates2

Netapp ≫ Data Ontap Edge Version-

Netapp ≫ Solidfire Element Os Management Node Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	8.7%	0.916

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
security-officer@isc.org	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://security.netapp.com/advisory/ntap-20180926-0005/

Third Party Advisory

http://www.securityfocus.com/bid/103189

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1040438

Third Party Advisory

VDB Entry

https://kb.isc.org/docs/aa-01562

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-5734

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-5734

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-5734

EUVD