CVE-2018-5743
- ULN >
- Oracle Linux CVE repository >
- CVE-2018-5743
CVE Details
| Release Date: | 2019-10-09 |
Description
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.
See more information about CVE-2018-5743 from MITRE CVE dictionary and NIST NVD
CVSS v3.0 metrics
NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.
| Base Score: | 7.5 | Base Metrics: | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Access Vector: | Network | Attack Complexity: | Low |
| Privileges Required: | None | User Interaction: | None |
| Scope: | Unchanged | Confidentiality Impact: | None |
| Integrity Impact: | None | Availability Impact: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 6 (bind) | ELSA-2019-1492 | 2019-06-18 |
| Oracle Linux version 7 (bind) | ELSA-2019-1294 | 2019-05-30 |
| Oracle Linux version 8 (bind) | ELSA-2019-1145 | 2019-07-30 |
| Oracle VM version 3.3 (bind) | OVMSA-2019-0027 | 2019-06-18 |
| Oracle VM version 3.4 (bind) | OVMSA-2019-0027 | 2019-06-18 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
