CVE-2018-5743


By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit.

Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.


Published: 2019-10-09T16:15:13.763

Last Modified: 2024-11-21T04:09:17.967

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

Exploitability Score: 8.6

Impact Score: 2.9

Weaknesses

  • Type: Primary, CWE-770

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application f5 big-ip_local_traffic_manager ≤ 11.6.5 Yes
Application f5 big-ip_local_traffic_manager ≤ 12.1.4 Yes
Application f5 big-ip_local_traffic_manager ≤ 13.1.1 Yes
Application f5 big-ip_local_traffic_manager ≤ 14.1.0 Yes
Application f5 big-ip_local_traffic_manager 15.0.0 Yes
Application f5 big-ip_application_acceleration_manager ≤ 11.6.5 Yes
Application f5 big-ip_application_acceleration_manager ≤ 12.1.4 Yes
Application f5 big-ip_application_acceleration_manager ≤ 13.1.1 Yes
Application f5 big-ip_application_acceleration_manager ≤ 14.1.0 Yes
Application f5 big-ip_application_acceleration_manager 15.0.0 Yes
Application f5 big-ip_advanced_firewall_manager ≤ 11.6.5 Yes
Application f5 big-ip_advanced_firewall_manager ≤ 12.1.4 Yes
Application f5 big-ip_advanced_firewall_manager ≤ 13.1.1 Yes
Application f5 big-ip_advanced_firewall_manager ≤ 14.1.0 Yes
Application f5 big-ip_advanced_firewall_manager 15.0.0 Yes
Application f5 big-ip_analytics ≤ 11.6.5 Yes
Application f5 big-ip_analytics ≤ 12.1.4 Yes
Application f5 big-ip_analytics ≤ 13.1.1 Yes
Application f5 big-ip_analytics ≤ 14.1.0 Yes
Application f5 big-ip_analytics 15.0.0 Yes
Application f5 big-ip_access_policy_manager ≤ 11.6.5 Yes
Application f5 big-ip_access_policy_manager ≤ 12.1.4 Yes
Application f5 big-ip_access_policy_manager ≤ 13.1.1 Yes
Application f5 big-ip_access_policy_manager ≤ 14.1.0 Yes
Application f5 big-ip_access_policy_manager 15.0.0 Yes
Application f5 big-ip_application_security_manager ≤ 11.6.5 Yes
Application f5 big-ip_application_security_manager ≤ 12.1.4 Yes
Application f5 big-ip_application_security_manager ≤ 13.1.1 Yes
Application f5 big-ip_application_security_manager ≤ 14.1.1 Yes
Application f5 big-ip_application_security_manager 15.0.0 Yes
Application f5 big-ip_edge_gateway ≤ 11.6.5 Yes
Application f5 big-ip_edge_gateway ≤ 12.1.4 Yes
Application f5 big-ip_edge_gateway ≤ 13.1.1 Yes
Application f5 big-ip_edge_gateway ≤ 14.1.0 Yes
Application f5 big-ip_edge_gateway 15.0.0 Yes
Application f5 big-ip_fraud_protection_service ≤ 11.6.5 Yes
Application f5 big-ip_fraud_protection_service ≤ 12.1.4 Yes
Application f5 big-ip_fraud_protection_service ≤ 13.1.1 Yes
Application f5 big-ip_fraud_protection_service ≤ 14.1.0 Yes
Application f5 big-ip_fraud_protection_service 15.0.0 Yes
Application f5 big-ip_global_traffic_manager ≤ 11.6.5 Yes
Application f5 big-ip_global_traffic_manager ≤ 12.1.4 Yes
Application f5 big-ip_global_traffic_manager ≤ 13.1.1 Yes
Application f5 big-ip_global_traffic_manager ≤ 14.1.0 Yes
Application f5 big-ip_global_traffic_manager 15.0.0 Yes
Application f5 big-ip_link_controller ≤ 11.6.5 Yes
Application f5 big-ip_link_controller ≤ 12.1.4 Yes
Application f5 big-ip_link_controller ≤ 13.1.1 Yes
Application f5 big-ip_link_controller ≤ 14.1.0 Yes
Application f5 big-ip_link_controller 15.0.0 Yes
Application f5 big-ip_webaccelerator ≤ 11.6.5 Yes
Application f5 big-ip_webaccelerator ≤ 12.1.4 Yes
Application f5 big-ip_webaccelerator ≤ 13.1.1 Yes
Application f5 big-ip_webaccelerator ≤ 14.1.0 Yes
Application f5 big-ip_webaccelerator 15.0.0 Yes
Application f5 big-ip_policy_enforcement_manager ≤ 11.6.5 Yes
Application f5 big-ip_policy_enforcement_manager ≤ 12.1.4 Yes
Application f5 big-ip_policy_enforcement_manager ≤ 13.1.1 Yes
Application f5 big-ip_policy_enforcement_manager ≤ 14.1.0 Yes
Application f5 big-ip_policy_enforcement_manager 15.0.0 Yes
Application isc bind ≤ 9.10.8 Yes
Application isc bind ≤ 9.11.6 Yes
Application isc bind ≤ 9.12.4 Yes
Application isc bind ≤ 9.13.7 Yes
Application isc bind 9.9.3 Yes
Application isc bind 9.10.8 Yes
Application isc bind 9.11.5 Yes
Application isc bind 9.11.5 Yes
Application isc bind 9.14.0 Yes
Application f5 enterprise_manager 3.1.1 Yes
Application f5 big-iq_centralized_management ≤ 5.4.0 Yes
Application f5 big-iq_centralized_management ≤ 6.1.0 Yes
Application f5 iworkflow 2.3.0 Yes
Application f5 big-ip_domain_name_system ≤ 11.6.5 Yes
Application f5 big-ip_domain_name_system ≤ 12.1.4 Yes
Application f5 big-ip_domain_name_system ≤ 13.1.1 Yes
Application f5 big-ip_domain_name_system ≤ 14.1.0 Yes
Application f5 big-ip_domain_name_system 15.0.0 Yes
