CVE-2018-5744 - OpenCVE

A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Isc	Bind

Configuration 1 [-]

OR	cpe:2.3:a:isc:bind::::::::
	cpe:2.3:a:isc:bind::::::::
	cpe:2.3:a:isc:bind::::::::
	cpe:2.3:a:isc:bind::::::::
	cpe:2.3:a:isc:bind:9.10.7:s1:::supported_preview:::*
	cpe:2.3:a:isc:bind:9.10.8:-::::::
	cpe:2.3:a:isc:bind:9.10.8:p1::::::
	cpe:2.3:a:isc:bind:9.10.8:rc1::::::
	cpe:2.3:a:isc:bind:9.10.8:rc2::::::
	cpe:2.3:a:isc:bind:9.11.5:-::::::
	cpe:2.3:a:isc:bind:9.11.5:p1::::::
	cpe:2.3:a:isc:bind:9.11.5:rc1::::::
	cpe:2.3:a:isc:bind:9.11.5:s3:::supported_preview:::*
	cpe:2.3:a:isc:bind:9.12.3:-::::::
	cpe:2.3:a:isc:bind:9.12.3:p1::::::
	cpe:2.3:a:isc:bind:9.12.3:rc1::::::

References

Link	Resource
https://kb.isc.org/docs/cve-2018-5744	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: isc

Published: 2019-02-21T00:00:00

Updated: 2019-10-09T14:17:14

Reserved: 2018-01-17T00:00:00

Link: CVE-2018-5744

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-10-09T16:15:13.907

Modified: 2019-11-05T16:58:10.747

Link: CVE-2018-5744

JSON object: View

Redhat Information

No data.

CWE

CWE-772

{"containers": {"cna": {"affected": [{"product": "BIND 9", "vendor": "ISC", "versions": [{"status": "affected", "version": "BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected."}]}], "credits": [{"lang": "en", "value": "ISC would like to thank Toshifumi Sakaguchi for reporting this issue to us."}], "datePublic": "2019-02-21T00:00:00", "descriptions": [{"lang": "en", "value": "A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "By exploiting this condition, an attacker can potentially cause named's memory use to grow without bounds until all memory available to the process is exhausted. Typically a server process is limited as to the amount of memory it can use but if the named process is not limited by the operating system all free memory on the server could be exhausted.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-09T14:17:14", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.isc.org/docs/cve-2018-5744"}], "solutions": [{"lang": "en", "value": "Upgrade to a version of BIND containing a fix for the memory leak.\n\n >= BIND 9.11.5-P4\n >= BIND 9.12.3-P4\n"}], "source": {"discovery": "EXTERNAL"}, "title": "A specially crafted packet can cause named to leak memory", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-officer@isc.org", "DATE_PUBLIC": "2019-02-21T00:00:00.000Z", "ID": "CVE-2018-5744", "STATE": "PUBLIC", "TITLE": "A specially crafted packet can cause named to leak memory"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BIND 9", "version": {"version_data": [{"version_name": "BIND 9", "version_value": "BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected."}]}}]}, "vendor_name": "ISC"}]}}, "credit": [{"lang": "eng", "value": "ISC would like to thank Toshifumi Sakaguchi for reporting this issue to us."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "By exploiting this condition, an attacker can potentially cause named's memory use to grow without bounds until all memory available to the process is exhausted. Typically a server process is limited as to the amount of memory it can use but if the named process is not limited by the operating system all free memory on the server could be exhausted."}]}]}, "references": {"reference_data": [{"name": "https://kb.isc.org/docs/cve-2018-5744", "refsource": "CONFIRM", "url": "https://kb.isc.org/docs/cve-2018-5744"}]}, "solution": [{"lang": "en", "value": "Upgrade to a version of BIND containing a fix for the memory leak.\n\n >= BIND 9.11.5-P4\n >= BIND 9.12.3-P4\n"}], "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2018-5744", "datePublished": "2019-02-21T00:00:00", "dateReserved": "2018-01-17T00:00:00", "dateUpdated": "2019-10-09T14:17:14", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "matchCriteriaId": "36D308B6-4ED9-489D-A67F-959B52DB7CAD", "versionEndExcluding": "9.10.8", "versionStartIncluding": "9.10.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A1A72B8-2E02-41EF-A24E-77D6322DBEFF", "versionEndExcluding": "9.11.5", "versionStartIncluding": "9.11.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1B4653B-EE51-40D1-8845-FF2873C6D135", "versionEndExcluding": "9.12.3", "versionStartIncluding": "9.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F1DDC1A-7611-4242-9F5B-DC11B1DDE7A7", "versionEndExcluding": "9.13.6", "versionStartIncluding": "9.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "6243685F-1E5B-4FF6-AE1B-44798032FBA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*", "matchCriteriaId": "5ABCD105-A5E8-41AF-AE84-622543953449", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*", "matchCriteriaId": "58D8814F-07FC-42A8-99EF-CD84AADEDC57", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.10.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "D2EE4D37-E5E9-4602-AC6B-5637E4483530", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.10.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "5DAC3F97-D828-474C-80D7-6D23A86372BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*", "matchCriteriaId": "A10C5868-A7C3-48A5-BDE9-1CE0FC0F515F", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*", "matchCriteriaId": "EB1A7C62-4700-4DE1-B0C2-16D94D0FE4C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "9F066C19-68DB-44BE-8757-ACD794BA1A4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*", "matchCriteriaId": "1AA16E51-819C-4A1B-B66E-1C60C1782C0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*", "matchCriteriaId": "F59BE241-48B6-47CC-8500-96A8A1E67954", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*", "matchCriteriaId": "4B12AA91-F54B-4C97-9168-8E276F16F22B", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.12.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "D9759042-7B05-476D-8D2E-05BE221FFA64", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected."}, {"lang": "es", "value": "Se puede presentar un fallo al liberar memoria cuando se procesan mensajes que tienen una combinaci\u00f3n espec\u00edfica de opciones EDNS. Las versiones afectadas son: BIND 9.10.7 hasta 9.10.8-P1, 9.11.3 hasta 9.11.5-P1, 9.12.0 hasta 9.12.3-P1, y las versiones 9.10.7-S1 hasta 9.11.5-S3 de BIND 9 Supported Preview Edition. Las versiones 9.13.0 hasta 9.13.6 de la rama de desarrollo 9.13 tambi\u00e9n est\u00e1n afectadas."}], "id": "CVE-2018-5744", "lastModified": "2019-11-05T16:58:10.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-09T16:15:13.907", "references": [{"source": "security-officer@isc.org", "tags": ["Vendor Advisory"], "url": "https://kb.isc.org/docs/cve-2018-5744"}], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-772"}], "source": "nvd@nist.gov", "type": "Primary"}]}