cve/2018/CVE-2018-5740.md

### [CVE-2018-5740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5740)
![](https://img.shields.io/static/v1?label=Product&message=BIND%209&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=BIND%209%209.7.0-%3E9.8.8%2C%209.9.0-%3E9.9.13%2C%209.10.0-%3E9.10.8%2C%209.11.0-%3E9.11.4%2C%209.12.0-%3E9.12.2%2C%209.13.0-%3E9.13.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Accidental%20or%20deliberate%20triggering%20of%20this%20defect%20will%20cause%20a%20REQUIRE%20assertion%20failure%20in%20named%2C%20causing%20the%20named%20process%20to%20stop%20execution%20and%20resulting%20in%20denial%20of%20service%20to%20clients.%20%20Only%20servers%20which%20have%20explicitly%20enabled%20the%20%22deny-answer-aliases%22%20feature%20are%20at%20risk%20and%20disabling%20the%20feature%20prevents%20exploitation.&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Accidental%20or%20deliberate%20triggering%20of%20this%20defect%20will%20cause%20a%20REQUIRE%20assertion%20failure%20in%20named%2C%20causing%20the%20named%20process%20to%20stop%20execution%20and%20resulting%20in%20denial%20of%20service%20to%20clients.&color=brighgreen)

### Description

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/0xT11/CVE-POC
- https://github.com/ARPSyndicate/cvemon
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/sischkg/cve-2018-5740
- https://github.com/tomoyamachi/gocarts
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-5740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5740)`
			`![](https://img.shields.io/static/v1?label=Product&message=BIND%209&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=BIND%209%209.7.0-%3E9.8.8%2C%209.9.0-%3E9.9.13%2C%209.10.0-%3E9.10.8%2C%209.11.0-%3E9.11.4%2C%209.12.0-%3E9.12.2%2C%209.13.0-%3E9.13.2%20&color=brighgreen)`
			![](https://img.shields.io/static/v1?label=Vulnerability&message=Accidental%20or%20deliberate%20triggering%20of%20this%20defect%20will%20cause%20a%20REQUIRE%20assertion%20failure%20in%20named%2C%20causing%20the%20named%20process%20to%20stop%20execution%20and%20resulting%20in%20denial%20of%20service%20to%20clients.%20%20Only%20servers%20which%20have%20explicitly%20enabled%20the%20%22deny-answer-aliases%22%20feature%20are%20at%20risk%20and%20disabling%20the%20feature%20prevents%20exploitation.&color=brighgreen)
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Accidental%20or%20deliberate%20triggering%20of%20this%20defect%20will%20cause%20a%20REQUIRE%20assertion%20failure%20in%20named%2C%20causing%20the%20named%20process%20to%20stop%20execution%20and%20resulting%20in%20denial%20of%20service%20to%20clients.&color=brighgreen)`

			`### Description`

			`"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/0xT11/CVE-POC`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/developer3000S/PoC-in-GitHub`
			`- https://github.com/hectorgie/PoC-in-GitHub`
			`- https://github.com/sischkg/cve-2018-5740`
			`- https://github.com/tomoyamachi/gocarts`