CVE-2018-5742
An oversight while backporting a feature leads to an assertion failure in buffer.c:420
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions who made the same error may also be affected.
Mientras se ejecuta un backport de una característica para una nueva rama de BIND9, RedHat introdujo una ruta que conlleva a un fallo de aserción en buffer.c:420. Afecta a las versiones de RedHat bind-9.9.4-65.el7 hasta bind-9.9.4-72.el7. No existen versiones de ISC afectadas. Otros paquetes de otras distribuciones que cometieron el mismo error también pueden estar afectados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-01-17 CVE Reserved
- 2019-01-29 CVE Published
- 2023-03-07 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-617: Reachable Assertion
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://access.redhat.com/security/cve/cve-2018-5742 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2018-5742 | 2019-01-29 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1655844 | 2019-01-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | >= 9.9.4-65 <= 9.9.4-72 Search vendor "Isc" for product "Bind" and version " >= 9.9.4-65 <= 9.9.4-72" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Safe
|