CVE-2018-5736 log

Severity Medium
Remote Yes
Type Denial of service
An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession.
Group Package Affected Fixed Severity Status Ticket
AVG-706 bind 9.12.1-1 9.12.1.P2-1 Medium Fixed
Date Advisory Group Package Severity Type
20 May 2018 ASA-201805-20 AVG-706 bind Medium denial of service

For servers which must receive notifies to keep slave zone contents current, no complete workarounds are known although restricting BIND to only accept NOTIFY messages from authorized sources can greatly mitigate the risk of attack.