By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.
Metrics
No CVSS v4.0
Attack Vector Network
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact None
Integrity Impact None
Availability Impact High
User Interaction None
Attack Vector Network
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact None
Integrity Impact None
Availability Impact High
User Interaction None
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
AV:N/AC:M/Au:N/C:N/I:N/A:P
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
F5 |
|
Isc |
|
Redhat |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
|
Configuration 7 [-]
|
Configuration 8 [-]
|
Configuration 9 [-]
|
Configuration 10 [-]
|
Configuration 11 [-]
|
Configuration 12 [-]
|
Configuration 13 [-]
|
Configuration 14 [-]
|
Configuration 15 [-]
|
Configuration 16 [-]
|
Configuration 17 [-]
|
Package | CPE | Advisory | Released Date |
---|---|---|---|
Red Hat Enterprise Linux 6 | |||
bind-32:9.8.2-0.68.rc1.el6_10.3 | cpe:/o:redhat:enterprise_linux:6 | RHSA-2019:1492 | 2019-06-17T00:00:00Z |
Red Hat Enterprise Linux 7 | |||
bind-32:9.9.4-74.el7_6.1 | cpe:/o:redhat:enterprise_linux:7 | RHSA-2019:1294 | 2019-05-29T00:00:00Z |
Red Hat Enterprise Linux 7.4 Extended Update Support | |||
bind-32:9.9.4-51.el7_4.3 | cpe:/o:redhat:rhel_eus:7.4 | RHSA-2019:2698 | 2019-09-12T00:00:00Z |
Red Hat Enterprise Linux 7.5 Extended Update Support | |||
bind-32:9.9.4-61.el7_5.2 | cpe:/o:redhat:rhel_eus:7.5 | RHSA-2019:2977 | 2019-10-08T00:00:00Z |
Red Hat Enterprise Linux 8 | |||
bind-32:9.11.4-17.P2.el8_0 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2019:1145 | 2019-05-13T00:00:00Z |
bind-32:9.11.4-17.P2.el8_0 | cpe:/o:redhat:enterprise_linux:8 | RHSA-2019:1145 | 2019-05-13T00:00:00Z |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: isc
Published: 2019-10-09T14:17:14.293079Z
Updated: 2024-09-17T02:26:38.493Z
Reserved: 2018-01-17T00:00:00
Link: CVE-2018-5743
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-10-09T16:15:13.763
Modified: 2024-11-21T04:09:17.967
Link: CVE-2018-5743
Redhat