CVE-2018-5734
Summary
| CVE | CVE-2018-5734 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-01-16 20:29:00 UTC |
| Updated | 2019-10-09 23:41:00 UTC |
| Description | While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2. |
Risk And Classification
Problem Types: CWE-617
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Isc | Bind | 9.10.5 | s1 | All | All |
| Application | Isc | Bind | 9.10.5 | s4 | All | All |
| Application | Isc | Bind | 9.10.6 | s1 | All | All |
| Application | Isc | Bind | 9.10.6 | s2 | All | All |
| Application | Isc | Bind | 9.10.5 | s1 | All | All |
| Application | Isc | Bind | 9.10.5 | s4 | All | All |
| Application | Isc | Bind | 9.10.6 | s1 | All | All |
| Application | Isc | Bind | 9.10.6 | s2 | All | All |
| Application | Netapp | Data Ontap Edge | - | All | All | All |
| Application | Netapp | Data Ontap Edge | - | All | All | All |
| Application | Netapp | Solidfire Element Os Management Node | - | All | All | All |
| Application | Netapp | Solidfire Element Os Management Node | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ISC BIND CVE-2018-5734 Remote Denial of Service Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| BIND Logic Flaw in 'badcache.c' Lets Remote Users Cause the Target Service to Crash - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| February 2018 ISC BIND Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| CVE-2018-5734: A malformed request can trigger an assertion failure in badcache.c - Security Advisories | CONFIRM | kb.isc.org | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.