CVE-2018-5740
Severity
7.5HIGH
EPSS
64.5%
top 1.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 16
Latest updateMay 13
Description
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages7 packages
▶CVEListV5isc/bind_9BIND 9 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, Enterprise Linux 7.6, 7.5
🔴Vulnerability Details
3GHSA▶
GHSA-rqpc-6vjv-w22p: "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potentia↗2022-05-13
OSV▶
CVE-2018-5740: "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potentia↗2019-01-16
CVEList
▶
📋Vendor Advisories
4💬Community
3Bugzilla▶
CVE-2018-5740 bind: processing of certain records when "deny-answer-aliases" is in use may trigger an assert leading to a denial of service [fedora-all]↗2018-08-08
Bugzilla▶
CVE-2018-5740 bind: processing of certain records when "deny-answer-aliases" is in use may trigger an assert leading to a denial of service↗2018-08-08
Bugzilla▶
CVE-2018-5740 bind99: bind: processing of certain records when "deny-answer-aliases" is in use may trigger an assert leading to a denial of service [fedora-all]↗2018-08-08