Vulnerability Description
While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Isc | Bind | 9.10.5 |
| Netapp | Data Ontap Edge | - |
| Netapp | Solidfire Element Os Management Node | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103189Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040438Third Party AdvisoryVDB Entry
- https://kb.isc.org/docs/aa-01562Vendor Advisory
- https://security.netapp.com/advisory/ntap-20180926-0005/Third Party Advisory
- http://www.securityfocus.com/bid/103189Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040438Third Party AdvisoryVDB Entry
- https://kb.isc.org/docs/aa-01562Vendor Advisory
- https://security.netapp.com/advisory/ntap-20180926-0005/Third Party Advisory
FAQ
What is CVE-2018-5734?
CVE-2018-5734 is a vulnerability with a CVSS score of 7.5 (HIGH). While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigge...
How severe is CVE-2018-5734?
CVE-2018-5734 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-5734?
Check the references section above for vendor advisories and patch information. Affected products include: Isc Bind, Netapp Data Ontap Edge, Netapp Solidfire Element Os Management Node.