What is CVE-2018-5740?

CVE-2018-5740 is a high-severity vulnerability in Isc Bind 9. CVSS score: 7.5/10. Published 2019-01-16.

How severe is CVE-2018-5740?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2018-5740 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Isc Bind 9

CVE-2018-5740

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect i…

EPSS: 0.645 (98.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Isc Bind 9 — versions BIND 9 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2

Public proof-of-concept exploits

References

105055 (vdb-entry, x_refsource_BID)
[debian-lts-announce] 20180830 [SECURITY] [DLA 1485-1] bind9 security update (mailing-list, x_refsource_MLIST)
RHSA-2018:2570 (vendor-advisory, x_refsource_REDHAT)
RHSA-2018:2571 (vendor-advisory, x_refsource_REDHAT)
USN-3769-2 (vendor-advisory, x_refsource_UBUNTU)
1041436 (vdb-entry, x_refsource_SECTRACK)
security.netapp.com/advisory/ntap-20180926-0003/ (x_refsource_CONFIRM)
kb.isc.org/docs/aa-01639 (x_refsource_CONFIRM)
USN-3769-1 (vendor-advisory, x_refsource_UBUNTU)
GLSA-201903-13 (vendor-advisory, x_refsource_GENTOO)

Frequently asked questions

What is CVE-2018-5740?: CVE-2018-5740 is a high-severity vulnerability in Isc Bind 9. CVSS score: 7.5/10. Published 2019-01-16.
How severe is CVE-2018-5740?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2018-5740 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.