{"id":"CVE-2018-5740","details":"\"deny-answer-aliases\" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0-\u003e9.8.8, 9.9.0-\u003e9.9.13, 9.10.0-\u003e9.10.8, 9.11.0-\u003e9.11.4, 9.12.0-\u003e9.12.2, 9.13.0-\u003e9.13.2.","modified":"2026-04-16T06:19:10.243688919Z","published":"2019-01-16T20:29:01.017Z","related":["CGA-qq9v-cqj3-vrq9","SUSE-SU-2019:1407-1","SUSE-SU-2019:14074-1","SUSE-SU-2019:1449-1","SUSE-SU-2019:2502-1","openSUSE-SU-2019:1533-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00026.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00027.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/105055"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2571"},{"type":"ADVISORY","url":"https://kb.isc.org/docs/aa-01639"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00033.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/11/msg00001.html"},{"type":"ADVISORY","url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1041436"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2570"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201903-13"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20180926-0003/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3769-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3769-2/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/isc-projects/bind9","events":[{"introduced":"0"},{"last_affected":"6d06e7e7e585e30b419e4e20815cb8233c48f7b1"},{"introduced":"0"},{"last_affected":"6d06e7e7e585e30b419e4e20815cb8233c48f7b1"},{"introduced":"0"},{"last_affected":"d7e5f7903de06e504aac4a3822a41d69e159e370"},{"introduced":"0"},{"last_affected":"6d06e7e7e585e30b419e4e20815cb8233c48f7b1"},{"introduced":"0"},{"last_affected":"f8a0c0bed6ed629e314d22619510939c61d88b0e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"6.0"},{"introduced":"0"},{"last_affected":"6.0"},{"introduced":"0"},{"last_affected":"7.5"},{"introduced":"0"},{"last_affected":"6.0"},{"introduced":"0"},{"last_affected":"8.0"}]}},{"type":"GIT","repo":"https://gitlab.isc.org/isc-projects/bind9","events":[{"introduced":"e3734ed6d178397992a7f354f75d3a8db785857c"},{"fixed":"8fc2e36186691698d247ab040b83793a9189de73"},{"introduced":"3514c49b2fbcdf95b2735878e2487fce9a3ddad5"},{"fixed":"3f3dd451af293119716d912c77a6da5918bf523a"},{"introduced":"63fbb3ea39094353765c04a6066b9e1d1013992a"},{"fixed":"12f71327ff796ed24752a4286fc0b3d9b21a4a57"},{"introduced":"1477c19dd9a347ee19a42dac227f299a4680506f"},{"fixed":"2fe4344de48d6061bef5a4000066a99a7c1296a6"},{"introduced":"71a40862c0be867999867cd99e21c2266a5e452b"},{"fixed":"3631aeb0709b460afc66ca8bff609bf93ef24bec"},{"introduced":"29b3a7d84240a51099490c0f39ae537f4e0d6a7a"},{"fixed":"4f6ef2f3e5bacd74da2cf2e4f8e51f3d7682b9a1"},{"introduced":"0"},{"last_affected":"19d6c56085e97cf4ac559cdc27edd624127bcb32"}],"database_specific":{"versions":[{"introduced":"9.7.0"},{"fixed":"9.8.8"},{"introduced":"9.9.0"},{"fixed":"9.9.13"},{"introduced":"9.10.0"},{"fixed":"9.10.8"},{"introduced":"9.11.0"},{"fixed":"9.11.4"},{"introduced":"9.12.0"},{"fixed":"9.12.2"},{"introduced":"9.13.0"},{"fixed":"9.13.2"},{"introduced":"0"},{"last_affected":"9.0"}]}}],"versions":["ondrej/008bfb6249a5f81d9e02ad4d39fda63fab57a0ad","ondrej/00ce93a69cd809810b82dbb229abf59d8e5850cc","ondrej/067f87f158b633e18a9c6fd0b038d1dc288bcb74","ondrej/074c7cc12c0eda40441926a8a96631c3176824a9","ondrej/1a1413ff5910ace7919bb8db0a1bb1f6e9c9ff7d","ondrej/2438db2eae8baf084615aff3b210ea51cd2f1fe1","ondrej/4098157e6ce98910ff99c58c41c6cf8069b79cc7","ondrej/4281aaab4503116fcf50caa348e1b5e7d414b742","ondrej/42e84e4b97be23f2b3754844e9d4478f48e92b48","ondrej/46caf5f4a4522d42480aee4d5949ea9546f98c2f","ondrej/4d292fc37ff5e99462756352c6028af7d0becf74","ondrej/4f369af51ede0e5ac7b3a14c451c5a41350a61cc","ondrej/53738634c3b511bd78e6626df95ae140631b080c","ondrej/6d06e7e7e585e30b419e4e20815cb8233c48f7b1","ondrej/6d1fdb850516a8d1fbfa853c56a1ef7627d54a72","ondrej/761b47a64845cb647d4fa3362be538eb0e7174d9","ondrej/840e56a979c3719ded668d5aaa04b1bddce465ef","ondrej/9cd2880a82f627bc44ab65fdaa19c2bcd9e61c96","ondrej/a42afbce2e34a5f990517fee7eab013c4adb8c0a","ondrej/a5f554959ec531712f6e14a8cb8c90d87cc27932","ondrej/b177581bb230d89821d1e2e5e91f93bee3fc4192","ondrej/b6298b394e9eaefcfa2458cd56c345d778e99b8e","ondrej/be1e6499742e241d71c7e79434e278a0c89d141b","ondrej/c63b7fad498dbe56710b655bd296a58abba64bb8","ondrej/d7e5f7903de06e504aac4a3822a41d69e159e370","ondrej/e00b13ac6e5a49434fbe534b0cab86b9ee4fbdb5","ondrej/f8a0c0bed6ed629e314d22619510939c61d88b0e","ondrej/fb07c38697c9f4f76dcb921487c4f96813c99b69","v9.0.0","v9.10.0a1","v9.10.0a2","v9.10.0b1","v9.10.0b2","v9.10.0rc1","v9.10.0rc2","v9.10.1","v9.10.1b1","v9.10.1b2","v9.10.1rc1","v9.10.1rc2","v9.10.2","v9.10.2b1","v9.10.2rc1","v9.10.2rc2","v9.10.3","v9.10.3b1","v9.10.3rc1","v9.10.4","v9.10.4b1","v9.10.4b2","v9.10.4b3","v9.10.4rc1","v9.10.5","v9.10.5b1","v9.10.5rc1","v9.10.5rc2","v9.10.5rc3","v9.10.6b1","v9.10.6rc1","v9.10.7b1","v9.10.7rc1","v9.10.8rc2","v9.11.0","v9.11.0a1","v9.11.0a2","v9.11.0a3","v9.11.1","v9.11.1b1","v9.11.1rc1","v9.11.1rc2","v9.11.1rc3","v9.11.2b1","v9.11.2rc1","v9.11.3b1","v9.11.3rc1","v9.11.4rc2","v9.12.0a1","v9.12.0b1","v9.12.0b2","v9.12.0rc1","v9.12.1b1","v9.12.1rc1","v9.12.2rc2","v9.13.0","v9.13.2","v9.13.3","v9.13.4","v9.13.5","v9.13.6","v9.15.0","v9.15.2","v9.15.3","v9.15.4","v9.15.7","v9.15.8","v9.19.0","v9.5.0a1","v9.5.0a2","v9.5.0a3","v9.5.0a4","v9.5.0a5","v9.5.0a6","v9.7.0a1","v9.8.0","v9.8.0rc1","v9.8.1b1","v9.8.1rc1","v9.8.2b1","v9.8.2rc1","v9.8.2rc2","v9.8.4b1","v9.8.4rc1","v9.8.5","v9.8.5b1","v9.8.5b2","v9.8.5rc1","v9.8.5rc2","v9.8.6","v9.8.6b1","v9.8.6rc1","v9.8.6rc2","v9.8.7","v9.8.7b1","v9.8.7rc1","v9.8.7rc2","v9.8.8b1","v9.8.8b2","v9.8.8rc1","v9.8.8rc2","v9.9.0","v9.9.1","v9.9.10","v9.9.10b1","v9.9.10rc1","v9.9.10rc2","v9.9.10rc3","v9.9.11b1","v9.9.11rc1","v9.9.12b1","v9.9.12rc1","v9.9.13rc2","v9.9.2b1","v9.9.2rc1","v9.9.3","v9.9.3b1","v9.9.3b2","v9.9.3rc1","v9.9.3rc2","v9.9.4","v9.9.4b1","v9.9.4rc2","v9.9.5","v9.9.5b1","v9.9.5rc1","v9.9.5rc2","v9.9.6","v9.9.6b1","v9.9.6b2","v9.9.6rc1","v9.9.6rc2","v9.9.7","v9.9.7b1","v9.9.7rc1","v9.9.7rc2","v9.9.8","v9.9.8b1","v9.9.8rc1","v9.9.9","v9.9.9b1","v9.9.9b2","v9.9.9rc1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]},{"events":[{"introduced":"0"},{"last_affected":"42.3"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-5740.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}