CVE-2018-5736

{"id": "CVE-2018-5736", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2019-01-16T20:29:00.830", "references": [{"url": "http://www.securityfocus.com/bid/104386", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security-officer@isc.org"}, {"url": "http://www.securitytracker.com/id/1040941", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security-officer@isc.org"}, {"url": "https://kb.isc.org/docs/aa-01602", "tags": ["Vendor Advisory"], "source": "security-officer@isc.org"}, {"url": "https://security.netapp.com/advisory/ntap-20180926-0004/", "tags": ["Third Party Advisory"], "source": "security-officer@isc.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-617"}, {"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1."}, {"lang": "es", "value": "Un error en el conteo de la base de datos de la zona puede conducir a un fallo de aserci\u00f3n si un servidor que est\u00e1 ejecutando una versi\u00f3n afectada de BIND intenta realizar varias transferencias hacia una zona esclava en r\u00e1pida sucesi\u00f3n. Este defecto podr\u00eda ser aprovechado deliberadamente por un atacante al que se le permite hacer que un servidor vulnerable inicie transferencias de zona (por ejemplo, mediante el env\u00edo de mensajes NOTIFY v\u00e1lidos), lo que provoca que el proceso named se cierre tras fallar la prueba de aserci\u00f3n. Afecta a BIND en versiones 9.12.0 y 9.12.1."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DCE4BD2-2256-473F-B17F-192CAC145DF1"}, {"criteria": "cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "440CFE40-C9B7-4E6E-800D-DD595F8FC38E"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4"}, {"criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED"}], "operator": "OR"}]}], "sourceIdentifier": "security-officer@isc.org"}