Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2018-5744

Published: 09/10/2019 Updated: 05/11/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Isc

Vulnerability Summary

A failure to free memory can occur when processing messages having a specific combination of EDNS options has been found in bind prior to 9.13.7. By exploiting this condition, an attacker can potentially cause named's memory use to grow without bounds until all memory available to the process is exhausted. Typically a server process is limited as to the amount of memory it can use but if the named process is not limited by the operating system all free memory on the server could be exhausted.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

isc bind 9.10.8

isc bind

isc bind 9.12.3

isc bind 9.11.5

isc bind 9.10.7

Vendor Advisories

Debian CVElist Bug Report Logs: bind9: CVE-2018-5744: A specially crafted packet can cause named to leak memory
Debian Bug report logs - #922953 bind9: CVE-2018-5744: A specially crafted packet can cause named to leak memory Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 22 Feb 2019 10:03:01 UTC Severity: grave Tags ...
Ubuntu Security Notice: bind9 vulnerabilities
Several security issues were fixed in Bind ...
Arch Linux Issues:
A failure to free memory can occur when processing messages having a specific combination of EDNS options has been found in bind before 9137 By exploiting this condition, an attacker can potentially cause named's memory use to grow without bounds until all memory available to the process is exhausted Typically a server process is limited as to ...

Mailing Lists

Full Disclosure: Multiple BIND CVEs disclosed (CVE-2018-5744, CVE-2018-5745, CVE-2019-6465)
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Multiple BIND CVEs disclosed (CVE-2018-5744, CVE-2018-5745, CVE-2019-6465) <!--X-Subject-Header-End--> <!--X-Head-of-Message-- ...

Github Repositories

https://github.com/sischkg/dnsonsen_advent_calender

BIND メモリリーク脆弱性とRoot KSK Rollover DNS温泉番外編2にて発表できなかったBINDのメモリリーク脆弱性の説明です。 脆弱性の概要 CVE-2018-5744 ISCからのセキュリティアドバイザリA specially crafted packet can cause named to leak memory 複数のKey Tag Optionを持つDNSクエリを受信すると、メモリをリー

https://github.com/sischkg/dnsonsen_advent_calendar

BIND メモリリーク脆弱性とRoot KSK Rollover DNS温泉番外編2にて発表できなかったBINDのメモリリーク脆弱性の説明です。 脆弱性の概要 CVE-2018-5744 ISCからのセキュリティアドバイザリA specially crafted packet can cause named to leak memory 複数のKey Tag Optionを持つDNSクエリを受信すると、メモリをリー

References

CWE-772https://kb.isc.org/docs/cve-2018-5744https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922953https://usn.ubuntu.com/3893-1/https://nvd.nist.govhttps://security.archlinux.org/CVE-2018-5744
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744privilege escalationCVE-2024-30253CVE-2024-3914cross-site scriptingCVE-2024-31497CVE-2024-3400CVE-2024-32341hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook