PT-2019-4631 · Isc+3 · Bind 9+3
Published: 2019-02-21 · Updated: 2019-11-05
CVE-2018-5744
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
BIND 9 versions 9.10.7 through 9.10.8-P1
BIND 9 versions 9.11.3 through 9.11.5-P1
BIND 9 versions 9.12.0 through 9.12.3-P1
BIND 9 Supported Preview Edition versions 9.10.7-S1 through 9.11.5-S3
BIND 9 versions 9.13.0 through 9.13.6
Description
The issue is related to incorrect processing of messages with a specific combination of EDNS options, which can lead to a failure to free memory. This can cause a denial of service due to memory exhaustion. The vulnerability can be exploited by a remote attacker.
Recommendations
For BIND 9 versions 9.10.7 through 9.10.8-P1, update to a version outside of this range to resolve the issue.
For BIND 9 versions 9.11.3 through 9.11.5-P1, update to a version outside of this range to resolve the issue.
For BIND 9 versions 9.12.0 through 9.12.3-P1, update to a version outside of this range to resolve the issue.
For BIND 9 Supported Preview Edition versions 9.10.7-S1 through 9.11.5-S3, update to a version outside of this range to resolve the issue.
For BIND 9 versions 9.13.0 through 9.13.6, update to a version outside of this range to resolve the issue.
Fix
DoS
Missing Release of Resource after Effective Lifetime
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Bind 9
Bind Server
Ubuntu