CVE-2018-5737 log

Source
Severity Medium
Remote Yes
Type Denial of service
Description
A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off.
Group Package Affected Fixed Severity Status Ticket
AVG-706 bind 9.12.1-1 9.12.1.P2-1 Medium Fixed
Date Advisory Group Package Severity Description
20 May 2018 ASA-201805-20 AVG-706 bind Medium denial of service
References
https://kb.isc.org/article/AA-01606/74/CVE-2018-5737
Notes
Workaround:

Setting "max-stale-ttl 0;" in named.conf will prevent exploitation of this vulnerability (but will effectively disable the serve-stale feature.)

Setting "stale-answer enable off;" is not sufficient to prevent exploitation, max-stale-ttl needs to be set to zero.