PT-2019-4818 · Isc+6 · Bind+6
Published 2019-04-24 · Updated 2024-06-15
CVE-2018-5743
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
BIND versions 9.9.0 through 9.10.8-P1
BIND versions 9.11.0 through 9.11.6
BIND versions 9.12.0 through 9.12.4
BIND version 9.14.0
BIND 9 Supported Preview Edition versions 9.9.3-S1 through 9.11.5-S3
BIND 9 Supported Preview Edition version 9.11.5-S5
BIND versions 9.13.0 through 9.13.7
Description
The issue is related to the failure to limit the number of simultaneous TCP connections, which can be exploited to cause a denial of service. This can lead to exhaustion of the pool of file descriptors available to named. The vulnerability is also associated with unlimited resource allocation in the managed-keys function of the DNS server.
Recommendations
For BIND versions 9.9.0 through 9.10.8-P1, update to a version outside of this range to mitigate the risk.
For BIND versions 9.11.0 through 9.11.6, update to a version outside of this range to mitigate the risk.
For BIND versions 9.12.0 through 9.12.4, update to a version outside of this range to mitigate the risk.
For BIND version 9.14.0, update to a version outside of this range to mitigate the risk.
For BIND 9 Supported Preview Edition versions 9.9.3-S1 through 9.11.5-S3, update to a version outside of this range to mitigate the risk.
For BIND 9 Supported Preview Edition version 9.11.5-S5, update to a version outside of this range to mitigate the risk.
For BIND versions 9.13.0 through 9.13.7, update to a version outside of this range to mitigate the risk.
As a temporary workaround, consider restricting the number of simultaneous TCP connections to prevent exhaustion of file descriptors.
DoS
Allocation of Resources Without Limits
Affected Products
Alt Linux
Bind
Bind Server
Centos
Red Hat
Suse
Ubuntu