{"api_version":"1","generated_at":"2026-04-22T23:30:52+00:00","cve":"CVE-2018-5734","urls":{"html":"https://cve.report/CVE-2018-5734","api":"https://cve.report/api/cve/CVE-2018-5734.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-5734","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-5734"},"summary":{"title":"CVE-2018-5734","description":"While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2.","state":"PUBLIC","assigner":"security-officer@isc.org","published_at":"2019-01-16 20:29:00","updated_at":"2019-10-09 23:41:00"},"problem_types":["CWE-617"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/103189","name":"103189","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"ISC BIND CVE-2018-5734 Remote Denial of Service Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securitytracker.com/id/1040438","name":"1040438","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"BIND Logic Flaw in 'badcache.c' Lets Remote Users Cause the Target Service to Crash - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20180926-0005/","name":"https://security.netapp.com/advisory/ntap-20180926-0005/","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"February 2018 ISC BIND Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://kb.isc.org/docs/aa-01562","name":"https://kb.isc.org/docs/aa-01562","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"CVE-2018-5734: A malformed request can trigger an assertion failure in badcache.c - Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-5734","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5734","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"5734","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"bind","cpe6":"9.10.5","cpe7":"s1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5734","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"bind","cpe6":"9.10.5","cpe7":"s4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5734","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"bind","cpe6":"9.10.6","cpe7":"s1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5734","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"bind","cpe6":"9.10.6","cpe7":"s2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5734","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"bind","cpe6":"9.10.5","cpe7":"s1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5734","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"bind","cpe6":"9.10.5","cpe7":"s4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5734","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"bind","cpe6":"9.10.6","cpe7":"s1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5734","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"isc","cpe5":"bind","cpe6":"9.10.6","cpe7":"s2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5734","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"data_ontap_edge","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5734","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"data_ontap_edge","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5734","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"solidfire_element_os_management_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5734","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"solidfire_element_os_management_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security-officer@isc.org","DATE_PUBLIC":"2018-02-28T00:00:00.000Z","ID":"CVE-2018-5734","STATE":"PUBLIC","TITLE":"A malformed request can trigger an assertion failure in badcache.c"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"BIND 9","version":{"version_data":[{"version_value":"9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2"}]}}]},"vendor_name":"ISC"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2."}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Servers running the affected versions (9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, and 9.10.6-S2) are vulnerable if they allow recursion, unless the SERVFAIL cache is disabled for the receiving view."}]}]},"references":{"reference_data":[{"name":"https://kb.isc.org/docs/aa-01562","refsource":"CONFIRM","url":"https://kb.isc.org/docs/aa-01562"},{"name":"https://security.netapp.com/advisory/ntap-20180926-0005/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20180926-0005/"},{"name":"103189","refsource":"BID","url":"http://www.securityfocus.com/bid/103189"},{"name":"1040438","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1040438"}]},"solution":[{"lang":"eng","value":"Upgrade to the patched release.\n\n    No publicly released versions of BIND are affected\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n    BIND 9 version 9.10.6-S3"}],"source":{"discovery":"UNKNOWN"},"work_around":[{"lang":"eng","value":"Disabling the SERVFAIL cache with 'servfail-ttl 0;' will prevent taking the code path that leads to the assertion failure."}]},"nvd":{"publishedDate":"2019-01-16 20:29:00","lastModifiedDate":"2019-10-09 23:41:00","problem_types":["CWE-617"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:bind:9.10.6:s1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:bind:9.10.6:s2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:isc:bind:9.10.5:s4:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:solidfire_element_os_management_node:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"5734","Ordinal":"121721","Title":"CVE-2018-5734","CVE":"CVE-2018-5734","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"5734","Ordinal":"1","NoteData":"While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"5734","Ordinal":"2","NoteData":"2019-01-16","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"5734","Ordinal":"3","NoteData":"2019-01-17","Type":"Other","Title":"Modified"}]}}}