Assertion failure in ISC BIND - CVE-2018-5740
Published: August 9, 2018 / Updated: August 9, 2018
Vulnerability identifier: #VU14291
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-5740
CWE-ID: CWE-617
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: ISC
Affected software:
ISC BIND
ISC BIND
Detailed vulnerability description
The vulnerability allows an attacker to perform denial of service (DoS) attack.
The vulnerability exists due to INSIST assertion failure in name.c when processing recursive queries. A remote attacker can trigger denial of service conditions if the affected server is configured with enabled "deny-answer-aliases" feature.
How to mitigate CVE-2018-5740
Update to version 9.9.13-P1, 9.10.8-P1, 9.11.3-S3, 9.11.4-P1 or 9.12.2-P1