CVE-2018-5737
Severity
7.5 HIGH
EPSS
1.2%
top 21.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 16
Latest update: May 13
Description
A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either d…
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6
Affected Packages: 3 packages
🔴 Vulnerability Details (3)
GHSA
GHSA-9cxr-pmg7-9w5v: A problem with the implementation of the new serve-stale feature in BIND 9 (2022-05-13)
OSV
CVE-2018-5737: A problem with the implementation of the new serve-stale feature in BIND 9 (2019-01-16)
CVEList
BIND 9.12's serve-stale implementation can cause an assertion failure in rbtdb.c or other undesirable behavior, even if serve-stale is not enabled. (2019-01-16)
📋 Vendor Advisories (4)
Microsoft
In Node.js including 6.x before 6.17.0 8.x before 8.15.1 10.x before 10.15.2 and 11.x before 11.10.1 an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep (2019-03-12)
Red Hat
bind: Interaction between NSEC aggressive negative caching and the serve-stale feature can cause a denial of service (2018-05-18)
Debian
CVE-2018-5737: bind9 - A problem with the implementation of the new serve-stale feature in BIND 9.12 ca... (2018)
💬 Community (1)
Bugzilla
CVE-2018-5737 bind: Interaction between NSEC aggressive negative caching and the serve-stale feature can cause a denial of service (2018-05-16)