CVE-2018-5734

moderate-risk

Published 2019-01-16

While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2.

Do I need to act?

6.4% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (6)

Bind

Data Ontap Edge

Solidfire Element Os Management Node

Affected Vendors

Isc Netapp

References (8)

Third Party Advisory http://www.securityfocus.com/bid/103189

Third Party Advisory http://www.securitytracker.com/id/1040438

Vendor Advisory https://kb.isc.org/docs/aa-01562

Third Party Advisory https://security.netapp.com/advisory/ntap-20180926-0005/

Third Party Advisory http://www.securityfocus.com/bid/103189

Third Party Advisory http://www.securitytracker.com/id/1040438

Vendor Advisory https://kb.isc.org/docs/aa-01562

Third Party Advisory https://security.netapp.com/advisory/ntap-20180926-0005/

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 9/34 · Low

Exposure 13/34 · Low