Unrated severityNVD Advisory· Published Jan 16, 2019· Updated Sep 16, 2024
A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named
CVE-2018-5740
Description
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
31>=9.7.0 <=9.8.8 || >=9.9.0 <=9.9.13 || >=9.10.0 <=9.10.8 || >=9.11.0 <=9.11.4 || >=9.12.0 <=9.12.2 || >=9.13.0 <=9.13.2+ 1 more
- (no CPE)range: >=9.7.0 <=9.8.8 || >=9.9.0 <=9.9.13 || >=9.10.0 <=9.10.8 || >=9.11.0 <=9.11.4 || >=9.12.0 <=9.12.2 || >=9.13.0 <=9.13.2
- (no CPE)range: BIND 9 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2
- osv-coords29 versionspkg:apk/chainguard/bindpkg:apk/chainguard/bind-devpkg:apk/chainguard/bind-dnssec-rootpkg:apk/chainguard/bind-dnssec-toolspkg:apk/chainguard/bind-docpkg:apk/chainguard/bind-libspkg:apk/chainguard/bind-pluginspkg:apk/chainguard/bind-toolspkg:apk/wolfi/bindpkg:apk/wolfi/bind-devpkg:apk/wolfi/bind-dnssec-rootpkg:apk/wolfi/bind-dnssec-toolspkg:apk/wolfi/bind-docpkg:apk/wolfi/bind-libspkg:apk/wolfi/bind-pluginspkg:apk/wolfi/bind-toolspkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4
< 0+ 28 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 9.11.2-lp151.11.3.1
- (no CPE)range: < 9.11.2-lp151.11.3.1
- (no CPE)range: < 9.11.2-3.10.1
- (no CPE)range: < 9.11.2-12.11.2
- (no CPE)range: < 9.11.2-12.11.2
- (no CPE)range: < 9.11.2-12.11.2
- (no CPE)range: < 9.11.2-12.11.2
- (no CPE)range: < 9.9.6P1-0.51.15.4
- (no CPE)range: < 9.9.6P1-0.51.15.4
- (no CPE)range: < 9.11.2-3.10.1
- (no CPE)range: < 9.9.9P1-28.42.1
- (no CPE)range: < 9.11.2-3.10.1
- (no CPE)range: < 9.11.2-3.10.1
Patches
Vulnerability mechanics
References
14- lists.opensuse.org/opensuse-security-announce/2019-06/msg00026.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-06/msg00027.htmlmitrevendor-advisoryx_refsource_SUSE
- access.redhat.com/errata/RHSA-2018:2570mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2018:2571mitrevendor-advisoryx_refsource_REDHAT
- security.gentoo.org/glsa/201903-13mitrevendor-advisoryx_refsource_GENTOO
- usn.ubuntu.com/3769-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/3769-2/mitrevendor-advisoryx_refsource_UBUNTU
- www.securityfocus.com/bid/105055mitrevdb-entryx_refsource_BID
- www.securitytracker.com/id/1041436mitrevdb-entryx_refsource_SECTRACK
- kb.isc.org/docs/aa-01639mitrex_refsource_CONFIRM
- lists.debian.org/debian-lts-announce/2018/08/msg00033.htmlmitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2021/11/msg00001.htmlmitremailing-listx_refsource_MLIST
- security.netapp.com/advisory/ntap-20180926-0003/mitrex_refsource_CONFIRM
- support.hpe.com/hpsc/doc/public/displaymitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.