CVE-2018-5740 vulnerability in ISC and Other Products
Published on January 16, 2019

A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2018-5740

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-5740 are published in these products:

ISC BIND

NetApp Data Ontap Edge

Canonical Ubuntu Linux

Debian Linux

Red Hat Enterprise Linux Desktop

Red Hat Enterprise Linux Server

Red Hat Enterprise Linux Server Aus

Red Hat Enterprise Linux Server Eus

Red Hat Enterprise Linux Workstation

Hp Ux

OpenSuse Leap

Affected Versions

ISC BIND 9 Version BIND 9 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2 is affected by CVE-2018-5740

Exploit Probability

EPSS

75.02%

Percentile

98.86%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-5740 vulnerability in ISC and Other ProductsPublished on January 16, 2019

Products Associated with CVE-2018-5740

Affected Versions

Exploit Probability

CVE-2018-5740 vulnerability in ISC and Other Products
Published on January 16, 2019