Total
368 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6467 | 1 Isc | 1 Bind | 2019-12-18 | 5.0 MEDIUM | 7.5 HIGH |
| A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch. | |||||
| CVE-2019-6472 | 1 Isc | 1 Kea | 2019-12-05 | 3.3 LOW | 6.5 MEDIUM |
| A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2. | |||||
| CVE-2018-5742 | 2 Isc, Redhat | 2 Bind, Enterprise Linux | 2019-11-07 | 4.3 MEDIUM | 7.5 HIGH |
| While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions who made the same error may also be affected. | |||||
| CVE-2018-5735 | 1 Debian | 1 Debian Linux | 2019-11-06 | 5.0 MEDIUM | 7.5 HIGH |
| The Debian backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858; Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1 No ISC releases are affected. Other packages from other distributions who did similar backports for the fix for 2017-3137 may also be affected. | |||||
| CVE-2019-6476 | 1 Isc | 1 Bind | 2019-10-23 | 5.0 MEDIUM | 7.5 HIGH |
| A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4. | |||||
| CVE-2019-6473 | 1 Ics | 1 Kea | 2019-10-21 | 3.3 LOW | 6.5 MEDIUM |
| An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2. | |||||
| CVE-2018-5734 | 2 Isc, Netapp | 3 Bind, Data Ontap Edge, Solidfire Element Os Management Node | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2. | |||||
| CVE-2018-5737 | 2 Isc, Netapp | 3 Bind, Cloud Backup, Data Ontap Edge | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1. | |||||
| CVE-2017-3137 | 4 Debian, Isc, Netapp and 1 more | 11 Debian Linux, Bind, Data Ontap Edge and 8 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8. | |||||
| CVE-2017-3138 | 3 Debian, Isc, Netapp | 5 Debian Linux, Bind, Data Ontap Edge and 2 more | 2019-10-09 | 3.5 LOW | 5.3 MEDIUM |
| named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9. | |||||
| CVE-2017-0375 | 1 Torproject | 1 Tor | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell. | |||||
| CVE-2018-5736 | 2 Isc, Netapp | 3 Bind, Cloud Backup, Data Ontap Edge | 2019-10-02 | 3.5 LOW | 5.3 MEDIUM |
| An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1. | |||||
| CVE-2018-4113 | 4 Apple, Canonical, Microsoft and 1 more | 9 Icloud, Iphone Os, Itunes and 6 more | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the "WebKit" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing. | |||||
| CVE-2018-17231 | 1 Telegram | 1 Telegram Desktop | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition. NOTE: this issue is disputed by multiple third parties because the described attack scenario does not cross a privilege boundary. | |||||
| CVE-2018-19963 | 1 Xen | 1 Xen | 2019-10-02 | 6.9 MEDIUM | 7.8 HIGH |
| An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled. | |||||
| CVE-2017-5981 | 1 Zziplib Project | 1 Zziplib | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file. | |||||
| CVE-2017-5986 | 1 Linux | 1 Linux Kernel | 2019-10-02 | 7.1 HIGH | 5.5 MEDIUM |
| Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state. | |||||
| CVE-2017-7479 | 1 Openvpn | 1 Openvpn | 2019-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. | |||||
| CVE-2017-7508 | 1 Openvpn | 1 Openvpn | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. | |||||
| CVE-2017-8372 | 1 Underbit | 1 Mad Libmad | 2019-10-02 | 2.6 LOW | 4.7 MEDIUM |
| The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file. | |||||