CVE-2018-5742

CWE-617 — Reachable Assertion CWE-400 — Uncontrolled Resource Consumption6 documents6 sources

Severity

7.5HIGH

EPSS

1.3%

top 20.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind Redhat Bind9

Timeline

PublishedOct 30

Latest updateMay 24

Description

While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions who made the same error may also be affected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5redhat/bind9RedHat BIND9 bind-9.9.4-65.el7 -> bind-9.9.4-72.el7

▶NVDisc/bind9.9.4-65 — 9.9.4-72

🔴Vulnerability Details

GHSA

GHSA-r4vj-82q4-crg5: While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer↗2022-05-24

▶

CVEList

An oversight while backporting a feature leads to an assertion failure in buffer.c:420↗2019-10-30

▶

📋Vendor Advisories

Red Hat

bind: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary↗2018-12-18

▶

Debian

CVE-2018-5742: bind9 - While backporting a feature for a newer branch of BIND9, RedHat introduced a pat...↗2018

▶

💬Community

Bugzilla

CVE-2018-5742 bind: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary↗2018-12-04

▶