What is the severity of CVE-2018-5745?

CVE-2018-5745 is classified as a denial-of-service vulnerability that can lead to assertion failures in ISC BIND.

How do I fix CVE-2018-5745?

To mitigate CVE-2018-5745, upgrade ISC BIND to version 9.11.5 or 9.12.3 or apply the necessary patches.

Which versions of ISC BIND are affected by CVE-2018-5745?

CVE-2018-5745 affects versions of ISC BIND from 9.9.0 up to and including 9.12.2.

Can CVE-2018-5745 be exploited remotely?

Yes, CVE-2018-5745 can be exploited remotely by an authenticated attacker.

Is CVE-2018-5745 related to key management in ISC BIND?

Yes, CVE-2018-5745 is related to an error in the managed-keys feature of ISC BIND.

Vulnerability/
CVE-2018-5745

medium

4.9

CWE

327

20/2/2019

9/10/2019

16/9/2024

CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys

First published: Wed Feb 20 2019(Updated: )

ISC BIND is vulnerable to a denial of service, caused by an error in the managed-keys feature. By replacing a trust anchor's keys with keys which use an unsupported algorithm, a remote authenticated attacker could exploit this vulnerability to cause an assertion failure.

Credit: security-officer@isc.org

Affected Software	Affected Version	How to fix
redhat/bind	<9.11.5	9.11.5
redhat/bind	<9.12.3	9.12.3
IBM Data Risk Manager	<=2.0.6
ISC BIND 9	>=9.9.0<=9.10.7
ISC BIND 9	>=9.11.0<=9.11.4
ISC BIND 9	>=9.12.0<=9.12.2
ISC BIND 9	>=9.13.0<=9.13.6
ISC BIND	=9.9.3-s1
ISC BIND 9	=9.10.7
ISC BIND 9	=9.10.8-p1
ISC BIND 9	=9.11.5
ISC BIND 9	=9.11.5-p1
ISC BIND	=9.11.5-s3
ISC BIND 9	=9.12.3
ISC BIND 9	=9.12.3-p1

Remedy

Upgrade to a version of BIND containing a fix preventing the assertion failure. >= BIND 9.11.5-P4 >= BIND 9.12.3-P4 BIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers. >= BIND 9.11.5-S5

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6335281

Frequently Asked Questions

What is the severity of CVE-2018-5745?
CVE-2018-5745 is classified as a denial-of-service vulnerability that can lead to assertion failures in ISC BIND.
How do I fix CVE-2018-5745?
To mitigate CVE-2018-5745, upgrade ISC BIND to version 9.11.5 or 9.12.3 or apply the necessary patches.
Which versions of ISC BIND are affected by CVE-2018-5745?
CVE-2018-5745 affects versions of ISC BIND from 9.9.0 up to and including 9.12.2.
Can CVE-2018-5745 be exploited remotely?
Yes, CVE-2018-5745 can be exploited remotely by an authenticated attacker.
Is CVE-2018-5745 related to key management in ISC BIND?
Yes, CVE-2018-5745 is related to an error in the managed-keys feature of ISC BIND.

agent/references
agent/type
agent/first-publish-date
agent/weakness
agent/severity
agent/author
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2018-5745
agent/software-canonical-lookup
collector/ibm-support
source/IBM
agent/title
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/remedy
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
package-manager/redhat
vendor/ibm
canonical/ibm data risk manager
version/ibm data risk manager/2.0.6
vendor/isc
canonical/isc bind 9
version/isc bind 9/9.9.0
version/isc bind 9/9.10.7
version/isc bind 9/9.11.0
version/isc bind 9/9.11.4
version/isc bind 9/9.12.0
version/isc bind 9/9.12.2
version/isc bind 9/9.13.0
version/isc bind 9/9.13.6
canonical/isc bind
version/isc bind/9.9.3-s1
version/isc bind 9/9.10.8-p1
version/isc bind 9/9.11.5
version/isc bind 9/9.11.5-p1
version/isc bind/9.11.5-s3
version/isc bind 9/9.12.3
version/isc bind 9/9.12.3-p1