CVE-2018-5744

high-risk
Published 2019-10-09

A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected.

Do I need to act?

~
4.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (13)

Affected Vendors

Isc

References (2)

Vendor Advisory https://kb.isc.org/docs/cve-2018-5744
Vendor Advisory https://kb.isc.org/docs/cve-2018-5744
51
/ 100
high-risk
Severity 26/34 · High
Exploitability 8/34 · Low
Exposure 17/34 · Moderate