CVE-2018-5743

EPSS 1.5%
Published 09.10.2019 16:15:13
Last modified 21.11.2024 04:09:17
Source security-officer@isc.org
Teams watchlist Login
Open Login

By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.

Affected products Warnungen 0 Metrics 4 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

F5 ≫ Big-ip Local Traffic Manager Version >= 11.5.2 <= 11.6.5

F5 ≫ Big-ip Local Traffic Manager Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Local Traffic Manager Version >= 13.0.0 <= 13.1.1

F5 ≫ Big-ip Local Traffic Manager Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Local Traffic Manager Version15.0.0

F5 ≫ Big-ip Application Acceleration Manager Version >= 11.5.2 <= 11.6.5

F5 ≫ Big-ip Application Acceleration Manager Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Application Acceleration Manager Version >= 13.0.0 <= 13.1.1

F5 ≫ Big-ip Application Acceleration Manager Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Application Acceleration Manager Version15.0.0

F5 ≫ Big-ip Advanced Firewall Manager Version >= 11.5.2 <= 11.6.5

F5 ≫ Big-ip Advanced Firewall Manager Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Advanced Firewall Manager Version >= 13.1.0 <= 13.1.1

F5 ≫ Big-ip Advanced Firewall Manager Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Advanced Firewall Manager Version15.0.0

F5 ≫ Big-ip Analytics Version >= 11.5.2 <= 11.6.5

F5 ≫ Big-ip Analytics Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Analytics Version >= 13.0.0 <= 13.1.1

F5 ≫ Big-ip Analytics Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Analytics Version15.0.0

F5 ≫ Big-ip Access Policy Manager Version >= 11.5.2 <= 11.6.5

F5 ≫ Big-ip Access Policy Manager Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Access Policy Manager Version >= 13.1.0 <= 13.1.1

F5 ≫ Big-ip Access Policy Manager Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Access Policy Manager Version15.0.0

F5 ≫ Big-ip Application Security Manager Version >= 11.5.2 <= 11.6.5

F5 ≫ Big-ip Application Security Manager Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Application Security Manager Version >= 13.0.0 <= 13.1.1

F5 ≫ Big-ip Application Security Manager Version >= 14.0.0 <= 14.1.1

F5 ≫ Big-ip Application Security Manager Version15.0.0

F5 ≫ Big-ip Edge Gateway Version >= 11.5.2 <= 11.6.5

F5 ≫ Big-ip Edge Gateway Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Edge Gateway Version >= 13.0.0 <= 13.1.1

F5 ≫ Big-ip Edge Gateway Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Edge Gateway Version15.0.0

F5 ≫ Big-ip Fraud Protection Service Version >= 11.5.2 <= 11.6.5

F5 ≫ Big-ip Fraud Protection Service Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Fraud Protection Service Version >= 13.0.0 <= 13.1.1

F5 ≫ Big-ip Fraud Protection Service Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Fraud Protection Service Version15.0.0

F5 ≫ Big-ip Global Traffic Manager Version >= 11.5.2 <= 11.6.5

F5 ≫ Big-ip Global Traffic Manager Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Global Traffic Manager Version >= 13.0.0 <= 13.1.1

F5 ≫ Big-ip Global Traffic Manager Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Global Traffic Manager Version15.0.0

F5 ≫ Big-ip Link Controller Version >= 11.5.2 <= 11.6.5

F5 ≫ Big-ip Link Controller Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Link Controller Version >= 13.0.0 <= 13.1.1

F5 ≫ Big-ip Link Controller Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Link Controller Version15.0.0

F5 ≫ Big-ip Webaccelerator Version >= 11.5.2 <= 11.6.5

F5 ≫ Big-ip Webaccelerator Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Webaccelerator Version >= 13.1.0 <= 13.1.1

F5 ≫ Big-ip Webaccelerator Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Webaccelerator Version15.0.0

F5 ≫ Big-ip Policy Enforcement Manager Version >= 11.5.2 <= 11.6.5

F5 ≫ Big-ip Policy Enforcement Manager Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Policy Enforcement Manager Version >= 13.1.0 <= 13.1.1

F5 ≫ Big-ip Policy Enforcement Manager Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Policy Enforcement Manager Version15.0.0

Isc ≫ Bind Version >= 9.9.0 <= 9.10.8

Isc ≫ Bind Version >= 9.11.0 <= 9.11.6

Isc ≫ Bind Version >= 9.12.0 <= 9.12.4

Isc ≫ Bind Version >= 9.13.0 <= 9.13.7

Isc ≫ Bind Version9.9.3 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.10.8 Updatep1

Isc ≫ Bind Version9.11.5 Updates3 SwEditionsupported_preview

Isc ≫ Bind Version9.11.5 Updates5 SwEditionsupported_preview

Isc ≫ Bind Version9.14.0

F5 ≫ Enterprise Manager Version3.1.1

F5 ≫ Big-iq Centralized Management Version >= 5.0.0 <= 5.4.0

F5 ≫ Big-iq Centralized Management Version >= 6.0.0 <= 6.1.0

F5 ≫ Iworkflow Version2.3.0

F5 ≫ Big-ip Domain Name System Version >= 11.5.2 <= 11.6.5

F5 ≫ Big-ip Domain Name System Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Domain Name System Version >= 13.1.0 <= 13.1.1

F5 ≫ Big-ip Domain Name System Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Domain Name System Version15.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.5%	0.804

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P
security-officer@isc.org	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://kb.isc.org/docs/cve-2018-5743

Third Party Advisory

https://support.f5.com/csp/article/K74009656?utm_source=f5support&amp%3Butm_medium=RSS

https://www.synology.com/security/advisory/Synology_SA_19_20

https://nvd.nist.gov/vuln/detail/CVE-2018-5743

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-5743

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-5743

EUVD