CVE-2018-5740

HIGH

BIND <9.13.3 - DoS

Title source: llm

Description

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.

Exploits (1)

nomisec WORKING POC 3 stars

by sischkg · poc

https://github.com/sischkg/cve-2018-5740

View Code ZIP pw:eip

References (14)

Core 14

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/105055

Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2018/08/msg00033.html

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:2570

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:2571

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3769-2/

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1041436

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20180926-0003/

Vendor Advisory x_refsource_confirm

https://kb.isc.org/docs/aa-01639

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3769-1/

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201903-13

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00027.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00026.html

Third Party Advisory x_refsource_confirm

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2021/11/msg00001.html

Scores

CVSS v3 7.5

EPSS 0.6453

EPSS Percentile 98.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-617

Status published

Products (21)

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 18.04

debian/debian_linux 8.0

debian/debian_linux 9.0

hp/hp-ux

isc/bind 9.7.0 - 9.8.8

netapp/data_ontap_edge

opensuse/leap 15.0

... and 11 more

Published Jan 16, 2019

Tracked Since Feb 18, 2026