From 487015ab9d66320eb5a834429a2789432a3d964d Mon Sep 17 00:00:00 2001
From: Brian Conry
Date: Mon, 21 Oct 2019 17:03:20 -0500
Subject: [PATCH] [ISC] Update data for two vulns in modified versions of ISC products
---
 2018/5xxx/CVE-2018-5735.json | 77 ++++++++++++++++++++++++++++++++++--
 2018/5xxx/CVE-2018-5742.json | 77 ++++++++++++++++++++++++++++++++++--
 2 files changed, 146 insertions(+), 8 deletions(-)
diff --git a/2018/5xxx/CVE-2018-5735.json b/2018/5xxx/CVE-2018-5735.json
index 71a42d92146..616797da1dd 100644
--- a/2018/5xxx/CVE-2018-5735.json
+++ b/2018/5xxx/CVE-2018-5735.json
@@ -1,8 +1,34 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "security-officer@isc.org",
+ "DATE_PUBLIC": "2018-02-16T13:00:00.000Z",
 "ID": "CVE-2018-5735",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIND9",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "Debian BIND9",
+ "version_value": "9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Debian"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
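Review bot: The added `version_value` in CVE-2018-5735.json packs four Debian package versions into one semicolon-separated string, so a scanner that compares installed package versions against `version_data` cannot match any of them. Each affected version should be its own `version_data` entry, as in the fence below. The first hunk of CVE-2018-5742.json has the same problem with its range written as free text (`bind-9.9.4-65.el7 -> bind-9.9.4-72.el7`); two entries with `version_affected` set to `>=` and `<=` would express it in a form tools can evaluate.

```json
"version_data": [
    {
        "version_name": "Debian BIND9",
        "version_affected": "=",
        "version_value": "9.9.5.dfsg-9+deb8u15"
    },
    {
        "version_name": "Debian BIND9",
        "version_affected": "=",
        "version_value": "9.9.5.dfsg-9+deb8u18"
    },
    {
        "version_name": "Debian BIND9",
        "version_affected": "=",
        "version_value": "9.10.3.dfsg.P4-12.3+deb9u5"
    },
    {
        "version_name": "Debian BIND9",
        "version_affected": "=",
        "version_value": "9.11.5.P4+dfsg-5.1"
    }
]
```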
@@ -11,8 +37,51 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Debian backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858; Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1\n\nNo ISC releases are affected. Other packages from other distributions who did similar backports for the fix for 2017-3137 may also be affected."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.8"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "The Debian backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://security-tracker.debian.org/tracker/CVE-2018-5735",
+ "refsource": "CONFIRM",
+ "url": "https://security-tracker.debian.org/tracker/CVE-2018-5735"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
-}
\ No newline at end of file
+}
diff --git a/2018/5xxx/CVE-2018-5742.json b/2018/5xxx/CVE-2018-5742.json
index 81a38886029..eaac0c1ac1d 100644
--- a/2018/5xxx/CVE-2018-5742.json
+++ b/2018/5xxx/CVE-2018-5742.json
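Review bot: The `problemtype` value added in the second hunk of CVE-2018-5735.json repeats the title as a sentence instead of naming a weakness class, so the record cannot be grouped or filtered by CWE. For a reachable assertion the usual entry is `"value": "CWE-617 Reachable Assertion"`; the second hunk of CVE-2018-5742.json has the same free-text problemtype. In the description of the same hunk, `the fix for 2017-3137` drops the `CVE-` prefix used earlier in that string, which defeats automatic cross-referencing of the related record.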
@@ -1,8 +1,34 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "security-officer@isc.org",
+ "DATE_PUBLIC": "2018-12-18T13:00:00.000Z",
 "ID": "CVE-2018-5742",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "An oversight while backporting a feature leads to an assertion failure in buffer.c:420"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIND9",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "RedHat BIND9",
+ "version_value": "bind-9.9.4-65.el7 -> bind-9.9.4-72.el7"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "RedHat"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,8 +37,51 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7.\n\nNo ISC releases are affected. Other packages from other distributions who made the same error may also be affected."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.8"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "An oversight by RedHat while backporting a feature leads to an assertion failure in buffer.c:420"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://access.redhat.com/security/cve/cve-2018-5742",
+ "refsource": "CONFIRM",
+ "url": "https://access.redhat.com/security/cve/cve-2018-5742"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
-}
\ No newline at end of file
+}
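Review bot: The description added in this hunk says the backport "introduced a path leading to an assertion failure" but never states what reaches that path, while the CVSS vector in the same hunk sets `AC:H`. An operator reading the record cannot tell which configuration or traffic is the precondition that justifies the higher complexity, nor that the practical consequence is presumably loss of the name service (the vector scores `A:H`). I would add one sentence to the description `value` naming the triggering condition and the denial-of-service effect, taken from the Red Hat advisory already listed under `references`.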