Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-5734

Опубликовано: 28 фев. 2018
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2.

Отчет

This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 5, 6 and 7 as they did not include the vulnerable code.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5bindNot affected
Red Hat Enterprise Linux 5bind97Not affected
Red Hat Enterprise Linux 6bindNot affected
Red Hat Enterprise Linux 7bindNot affected
Red Hat Enterprise Linux 8bindNot affected
Red Hat Enterprise Linux 8bind99Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-617
https://bugzilla.redhat.com/show_bug.cgi?id=1550602bind: A malformed request can trigger an assertion failure in badcache.c

EPSS

Процентиль: 91%
0.06399
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-5734

CVSS3: 7.5
ubuntu
около 7 лет назад

While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2.

nvd логотип

CVE-2018-5734

CVSS3: 7.5
nvd
около 7 лет назад

While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2.

debian логотип

CVE-2018-5734

CVSS3: 7.5
debian
около 7 лет назад

While handling a particular type of malformed packet BIND erroneously ...

github логотип

GHSA-g395-wpqc-cmpv

CVSS3: 7.5
github
больше 3 лет назад

While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2.

EPSS

Процентиль: 91%
0.06399
Низкий

7.5 High

CVSS3