CVE-2018-5743

Limiting simultaneous TCP clients was ineffective

Description

By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit.

Versions affected:

  • BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0
  • BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5
  • Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected

Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.

Remediation

Solution:

  • Upgrade to a version of BIND containing a fix for the ineffective limits.
    + BIND 9.11.6-P1
    + BIND 9.12.4-P1
    + BIND 9.14.1
  • BIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.
    + BIND 9.11.5-S6
    + BIND 9.11.6-S1

Category

CVSS score: 7.5
Severity: High
EPSS: 2.05% (Top 20%)
Third-Party Advisory: isc.org
Affected: ISC BIND 9

Frequently Asked Questions

What is the severity of CVE-2018-5743?
CVE-2018-5743 has been scored as a high severity vulnerability.
How to fix CVE-2018-5743?
To fix CVE-2018-5743: Upgrade to a version of BIND containing a fix for the ineffective limits: BIND 9.11.6-P1, BIND 9.12.4-P1 or BIND 9.14.1. BIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers; the fixed Supported Preview Edition versions are BIND 9.11.5-S6 and BIND 9.11.6-S1.
Is CVE-2018-5743 being actively exploited in the wild?
It is possible that CVE-2018-5743 is being exploited or will be exploited in the near future based on public information. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2018-5743?
CVE-2018-5743 affects ISC BIND 9.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.