CVE-2018-5736: Reachable Assertion in Bind

Severity: 5.3 MEDIUM (NVD)
EPSS: 42.9% (top 2.51%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 16
Latest update: May 13

Description

An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.6 | Impact: 3.6

Affected Packages (2 packages)

Alpine: isc/bind < 9.12.1_p2-r0 (+15)
NVD: isc/bind 9.12.0, 9.12.1 (+1)

🔴 Vulnerability Details (3)

GHSA (2022-05-13): GHSA-6p6q-g6w7-h5f9: An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts severa
OSV (2019-01-16): CVE-2018-5736: An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts severa
CVEList (2019-01-16): CVE-2018-5736: An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts severa

📋 Vendor Advisories (2)

Red Hat (2018-05-18): bind: Multiple transfers of a zone in quick succession can cause an assertion failure in rbtdb.c
Debian (2018): CVE-2018-5736: bind9 - An error in zone database reference counting can lead to an assertion failure if...

💬 Community (1)

Bugzilla (2018-05-15): CVE-2018-5736 bind: Multiple transfers of a zone in quick succession can cause an assertion failure in rbtdb.c
CVE-2018-5736 — Reachable Assertion in ISC Bind | cvebase