BIND versions 9.12.0 and 9.12.1 have an error in zone database reference counting that can lead to an assertion failure if a server attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example, by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test.
Statement: This security flaw only affects bind versions 9.12.0 and 9.12.1. Since Red Hat Enterprise Linux does not ship any of these bind versions, it is not affected.
External Reference: https://kb.isc.org/article/AA-01602/74/CVE-2018-5736
Upstream Patch: https://ftp.isc.org/isc/bind9/9.12.1-P2/patches/cve5736.patch