Lucene search

IscCVE-2018-5736

HistoryJan 16, 2019 - 8:29 p.m.

CVE-2018-5736

2019-01-1620:29:00

CWE-617

isc

web.nvd.nist.gov

101

cve-2018-5736

zone database

reference counting

assertion failure

bind 9.12.0

bind 9.12.1

nvd

security vulnerability

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.7

Confidence

High

EPSS

0.005

Percentile

77.3%

JSON

An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1.

Affected configurations

Nvd

Node

iscbindMatch9.12.0

iscbindMatch9.12.1

Node

netappcloud_backupMatch-

netappdata_ontap_edgeMatch-

VendorProductVersionCPE
iscbind9.12.0cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*
iscbind9.12.1cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*
netappcloud_backup-cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
netappdata_ontap_edge-cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
isc	bind	9.12.0	cpe:2.3:a:isc:bind:9.12.0:::::::*
isc	bind	9.12.1	cpe:2.3:a:isc:bind:9.12.1:::::::*
netapp	cloud_backup	-	cpe:2.3:a:netapp:cloud_backup:-:::::::*
netapp	data_ontap_edge	-	cpe:2.3:a:netapp:data_ontap_edge:-:::::::*