Vulnerability CVE-2018-5734


Published: 2019-01-16

Description:
While handling a particular type of malformed packet, BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2.

Type: CWE-617 (Reachable Assertion)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Affected software:
Netapp -> Data ontap edge 
Netapp -> Solidfire element os management node 
ISC -> BIND 

 References:
http://www.securityfocus.com/bid/103189
http://www.securitytracker.com/id/1040438
https://kb.isc.org/docs/aa-01562
https://security.netapp.com/advisory/ntap-20180926-0005/

Copyright 2024, cxsecurity.com

 
