{"url":"http://public2.vulnerablecode.io/api/packages/345681?format=json","purl":"pkg:apk/alpine/bind@9.12.1_p2-r0?arch=aarch64&distroversion=v3.12&reponame=main","type":"apk","namespace":"alpine","name":"bind","version":"9.12.1_p2-r0","qualifiers":{"arch":"aarch64","distroversion":"v3.12","reponame":"main"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"9.12.2_p1-r0","latest_non_vulnerable_version":"9.16.27-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60119?format=json","vulnerability_id":"VCID-45wz-94b7-87gz","summary":"An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5736.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5736.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5736","reference_id":"","reference_type":"","scores":[{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97553","published_at":"2026-06-04T12:55:00Z"},{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97558","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5736"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1578591","reference_id":"1578591","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1578591"},{"reference_url":"https://security.archlinux.org/ASA-201805-20","reference_id":"ASA-201805-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-20"},{"reference_url":"https://security.archlinux.org/AVG-706","reference_id":"AVG-706","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-706"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/345681?format=json","purl":"pkg:apk/alpine/bind@9.12.1_p2-r0?arch=aarch64&distroversion=v3.12&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/bind@9.12.1_p2-r0%3Farch=aarch64&distroversion=v3.12&reponame=main"}],"aliases":["CVE-2018-5736"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-45wz-94b7-87gz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60122?format=json","vulnerability_id":"VCID-chqp-rqde-5kcv","summary":"A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5737.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5737.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5737","reference_id":"","reference_type":"","scores":[{"value":"0.01186","scoring_system":"epss","scoring_elements":"0.79133","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01186","scoring_system":"epss","scoring_elements":"0.79159","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5737"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1578593","reference_id":"1578593","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1578593"},{"reference_url":"https://security.archlinux.org/ASA-201805-20","reference_id":"ASA-201805-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-20"},{"reference_url":"https://security.archlinux.org/AVG-706","reference_id":"AVG-706","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-706"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/345681?format=json","purl":"pkg:apk/alpine/bind@9.12.1_p2-r0?arch=aarch64&distroversion=v3.12&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/bind@9.12.1_p2-r0%3Farch=aarch64&distroversion=v3.12&reponame=main"}],"aliases":["CVE-2018-5737"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-chqp-rqde-5kcv"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/bind@9.12.1_p2-r0%3Farch=aarch64&distroversion=v3.12&reponame=main"}