Lookup for vulnerable packages by Package URL.
| Purl | pkg:apk/alpine/bind@9.12.2_p1-r0?arch=x86_64&distroversion=v3.21&reponame=main |
| Type | apk |
| Namespace | alpine |
| Name | bind |
| Version | 9.12.2_p1-r0 |
| Qualifiers |
| arch | x86_64 |
| distroversion | v3.21 |
| reponame | main |
| Subpath | |
| Is_vulnerable | false |
| Next_non_vulnerable_version | 9.12.3_p4-r0 |
| Latest_non_vulnerable_version | 9.18.49-r0 |
| Affected_by_vulnerabilities |
|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-67ph-w3bg-r3d6 |
| vulnerability_id |
VCID-67ph-w3bg-r3d6 |
| summary |
Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the "allow-recursion" setting, it SHOULD default to one of the following: none, if "recursion no;" is set in named.conf; a value inherited from the "allow-query-cache" or "allow-query" settings IF "recursion yes;" (the default for that setting) AND match lists are explicitly set for "allow-query-cache" or "allow-query" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of "allow-recursion {localhost; localnets;};" if "recursion yes;" is in effect and no values are explicitly set for "allow-query-cache" or "allow-query". However, because of the regression introduced by change #4777, it is possible when "recursion yes;" is in effect and no match list values are provided for "allow-query-cache" or "allow-query" for the setting of "allow-recursion" to inherit a setting of all hosts from the "allow-query" setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-5738 |
| reference_id |
|
| reference_type |
|
| scores |
| # | value | scoring_system | scoring_elements | published_at |
| 0 | 0.03303 | epss | 0.8746 | 2026-06-04T12:55:00Z |
| 1 | 0.03303 | epss | 0.8749 | 2026-06-09T12:55:00Z |
| 2 | 0.03303 | epss | 0.87479 | 2026-06-07T12:55:00Z |
| 3 | 0.03303 | epss | 0.87478 | 2026-06-08T12:55:00Z |
| 4 | 0.03303 | epss | 0.87482 | 2026-06-05T12:55:00Z |
| 5 | 0.03303 | epss | 0.87481 | 2026-06-06T12:55:00Z |
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-5738 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-5738
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-67ph-w3bg-r3d6 |
|
| 1 |
| url |
VCID-en2e-vaud-bydc |
| vulnerability_id |
VCID-en2e-vaud-bydc |
| summary |
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-5740 |
| reference_id |
|
| reference_type |
|
| scores |
| # | value | scoring_system | scoring_elements | published_at |
| 0 | 0.6453 | epss | 0.98471 | 2026-06-04T12:55:00Z |
| 1 | 0.6453 | epss | 0.98474 | 2026-06-08T12:55:00Z |
| 2 | 0.6453 | epss | 0.98475 | 2026-06-06T12:55:00Z |
| 3 | 0.6453 | epss | 0.98472 | 2026-06-09T12:55:00Z |
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-5740 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-5740
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-en2e-vaud-bydc |
|
|
| Risk_score | null |
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:apk/alpine/bind@9.12.2_p1-r0%3Farch=x86_64&distroversion=v3.21&reponame=main |