CVE-2018-5737

Published: 16 January 2019

A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1.

Priority

CVSS 3 base score: 7.5

Status

Package	Release	Status
bind9 Launchpad, Ubuntu, Debian	Upstream	Needs triage




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable
	Ubuntu 16.04 ESM (Xenial Xerus)	Not vulnerable
	Ubuntu 14.04 ESM (Trusty Tahr)	Not vulnerable

Notes

Author	Note
ratliff	9.12 only

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›