Vulnerability Description
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | Big-Ip Local Traffic Manager | >= 11.5.2, <= 11.6.5 |
| F5 | Big-Ip Application Acceleration Manager | >= 11.5.2, <= 11.6.5 |
| F5 | Big-Ip Advanced Firewall Manager | >= 11.5.2, <= 11.6.5 |
| F5 | Big-Ip Analytics | >= 11.5.2, <= 11.6.5 |
| F5 | Big-Ip Access Policy Manager | >= 11.5.2, <= 11.6.5 |
| F5 | Big-Ip Application Security Manager | >= 11.5.2, <= 11.6.5 |
| F5 | Big-Ip Edge Gateway | >= 11.5.2, <= 11.6.5 |
| F5 | Big-Ip Fraud Protection Service | >= 11.5.2, <= 11.6.5 |
| F5 | Big-Ip Global Traffic Manager | >= 11.5.2, <= 11.6.5 |
| F5 | Big-Ip Link Controller | >= 11.5.2, <= 11.6.5 |
| F5 | Big-Ip Webaccelerator | >= 11.5.2, <= 11.6.5 |
| F5 | Big-Ip Policy Enforcement Manager | >= 11.5.2, <= 11.6.5 |
| Isc | Bind | >= 9.9.0, <= 9.10.8 |
| F5 | Enterprise Manager | 3.1.1 |
| F5 | Big-Iq Centralized Management | >= 5.0.0, <= 5.4.0 |
| F5 | Iworkflow | 2.3.0 |
| F5 | Big-Ip Domain Name System | >= 11.5.2, <= 11.6.5 |
Related Weaknesses (CWE)
References
- https://kb.isc.org/docs/cve-2018-5743Third Party Advisory
- https://support.f5.com/csp/article/K74009656?utm_source=f5support&%3Butm_medi
- https://www.synology.com/security/advisory/Synology_SA_19_20
- https://kb.isc.org/docs/cve-2018-5743Third Party Advisory
- https://support.f5.com/csp/article/K74009656?utm_source=f5support&%3Butm_medi
- https://www.synology.com/security/advisory/Synology_SA_19_20
FAQ
What is CVE-2018-5743?
CVE-2018-5743 is a vulnerability with a CVSS score of 7.5 (HIGH). By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conserva...
How severe is CVE-2018-5743?
CVE-2018-5743 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-5743?
Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Local Traffic Manager, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Analytics, F5 Big-Ip Access Policy Manager.