A malformed request can trigger an assertion failure in badcache.c

CVE-2018-5734

7.5HIGH

Key Information

Vendor: Isc
Status: Bind 9
Vendor: CVE Published:; 16 January 2019

Summary

While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2.

Affected Version(s)

BIND 9 = 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jan 16, 2019
Vulnerability Reserved.
Jan 17, 2018

Collectors

NVD DatabaseMitre Database