#VU14291 Assertion failure in ISC BIND - CVE-2018-5740
Published: August 9, 2018 / Updated: August 9, 2018
Vulnerability identifier: #VU14291
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-5740
CWE-ID: CWE-617
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
ISC BIND
ISC BIND
Software vendor:
ISC
ISC
Description
The vulnerability allows an attacker to perform denial of service (DoS) attack.
The vulnerability exists due to INSIST assertion failure in name.c when processing recursive queries. A remote attacker can trigger denial of service conditions if the affected server is configured with enabled "deny-answer-aliases" feature.
Remediation
Update to version 9.9.13-P1, 9.10.8-P1, 9.11.3-S3, 9.11.4-P1 or 9.12.2-P1