CVE-2018-5744

Published Oct 9, 2019

Last updated 5 days ago

CVSS high 7.5

Overview

Description: A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected.
Source: security-officer@isc.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 3.0

Type: Secondary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-772

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36D308B6-4ED9-489D-A67F-959B52DB7CAD",
            "versionEndExcluding": "9.10.8",
            "versionStartIncluding": "9.10.7"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A1A72B8-2E02-41EF-A24E-77D6322DBEFF",
            "versionEndExcluding": "9.11.5",
            "versionStartIncluding": "9.11.3"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1B4653B-EE51-40D1-8845-FF2873C6D135",
            "versionEndExcluding": "9.12.3",
            "versionStartIncluding": "9.12.0"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F1DDC1A-7611-4242-9F5B-DC11B1DDE7A7",
            "versionEndExcluding": "9.13.6",
            "versionStartIncluding": "9.13.0"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6243685F-1E5B-4FF6-AE1B-44798032FBA6"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5ABCD105-A5E8-41AF-AE84-622543953449"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58D8814F-07FC-42A8-99EF-CD84AADEDC57"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.8:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2EE4D37-E5E9-4602-AC6B-5637E4483530"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.8:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DAC3F97-D828-474C-80D7-6D23A86372BF"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A10C5868-A7C3-48A5-BDE9-1CE0FC0F515F"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB1A7C62-4700-4DE1-B0C2-16D94D0FE4C2"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.5:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F066C19-68DB-44BE-8757-ACD794BA1A4B"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AA16E51-819C-4A1B-B66E-1C60C1782C0D"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F59BE241-48B6-47CC-8500-96A8A1E67954"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B12AA91-F54B-4C97-9168-8E276F16F22B"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.12.3:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9759042-7B05-476D-8D2E-05BE221FFA64"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References