isc bind CVE-2018-5737 in ISC and NetApp Products
Published on January 16, 2019

BIND 9.12's serve-stale implementation can cause an assertion failure in rbtdb.c or other undesirable behavior, even if serve-stale is not enabled.

product logo product logo
A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1.

NVD


Products Associated with CVE-2018-5737

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-5737 are published in these products:

ISC BIND
 
NetApp Cloud Backup
 
NetApp Data Ontap Edge
 

Affected Versions

ISC BIND 9 Version 9.12.0 and 9.12.1 is affected by CVE-2018-5737

Exploit Probability

EPSS
1.19%
Percentile
78.54%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.