An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys
Description
"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
329.9.0 to 9.10.8-P1, 9.11.0 to 9.11.5-P1, 9.12.0 to 9.12.3-P1, 9.13.0 to 9.13.6, and 9.9.3-S1 to 9.11.5-S3 for Supported Preview Edition+ 1 more
- (no CPE)range: 9.9.0 to 9.10.8-P1, 9.11.0 to 9.11.5-P1, 9.12.0 to 9.12.3-P1, 9.13.0 to 9.13.6, and 9.9.3-S1 to 9.11.5-S3 for Supported Preview Edition
- (no CPE)range: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.
- osv-coords30 versionspkg:apk/chainguard/bindpkg:apk/chainguard/bind-devpkg:apk/chainguard/bind-dnssec-rootpkg:apk/chainguard/bind-dnssec-toolspkg:apk/chainguard/bind-docpkg:apk/chainguard/bind-libspkg:apk/chainguard/bind-pluginspkg:apk/chainguard/bind-toolspkg:apk/wolfi/bindpkg:apk/wolfi/bind-devpkg:apk/wolfi/bind-dnssec-rootpkg:apk/wolfi/bind-dnssec-toolspkg:apk/wolfi/bind-docpkg:apk/wolfi/bind-libspkg:apk/wolfi/bind-pluginspkg:apk/wolfi/bind-toolspkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/bind&distro=openSUSE%20Tumbleweedpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4
< 0+ 29 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 9.11.2-lp151.11.3.1
- (no CPE)range: < 9.11.2-lp151.11.3.1
- (no CPE)range: < 9.16.20-1.4
- (no CPE)range: < 9.11.2-3.10.1
- (no CPE)range: < 9.11.2-12.11.2
- (no CPE)range: < 9.11.2-12.11.2
- (no CPE)range: < 9.11.2-12.11.2
- (no CPE)range: < 9.11.2-12.11.2
- (no CPE)range: < 9.9.6P1-0.51.15.4
- (no CPE)range: < 9.9.6P1-0.51.15.4
- (no CPE)range: < 9.11.2-3.10.1
- (no CPE)range: < 9.9.9P1-28.42.1
- (no CPE)range: < 9.11.2-3.10.1
- (no CPE)range: < 9.11.2-3.10.1
Patches
Vulnerability mechanics
References
2- access.redhat.com/errata/RHSA-2019:3552mitrevendor-advisoryx_refsource_REDHAT
- kb.isc.org/docs/cve-2018-5745mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.