CVE-2018-5734

CWE-617 — Reachable Assertion6 documents6 sources

Severity

7.5HIGH

EPSS

6.4%

top 8.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind 9 ISC Bind

Timeline

PublishedJan 16

Latest updateMay 13

Description

While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDisc/bind9.10.5, 9.10.6+1

▶CVEListV5isc/bind_99.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2

🔴Vulnerability Details

GHSA

GHSA-g395-wpqc-cmpv: While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode↗2022-05-13

▶

CVEList

A malformed request can trigger an assertion failure in badcache.c↗2019-01-16

▶

📋Vendor Advisories

Red Hat

bind: A malformed request can trigger an assertion failure in badcache.c↗2018-02-28

▶

Debian

CVE-2018-5734: bind9 - While handling a particular type of malformed packet BIND erroneously selects a ...↗2018

▶

💬Community

Bugzilla

CVE-2018-5734 bind: A malformed request can trigger an assertion failure in badcache.c↗2018-03-01

▶