PT-2018-17119 · Isc+1 · Bind+1

Published: 2018-05-18 · Updated: 2019-10-03 · CVE-2018-5736

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: BIND versions 9.12.0 through 9.12.1
Description: An error in zone database reference counting can lead to an assertion failure if a server attempts several transfers of a slave zone in quick succession. This issue could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers, for example, by sending valid NOTIFY messages, causing the named process to exit after failing the assertion test.
Recommendations: For versions 9.12.0 and 9.12.1, update to a version that fixes the zone database reference counting issue to prevent assertion failures during zone transfers.

Fix

Assertion Failure

Weakness Enumeration

Related Identifiers

CVE-2018-5736

Affected Products

Bind
Bind Server