{"id":"CVE-2018-5743","details":"By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.","modified":"2026-04-16T04:37:36.021861680Z","published":"2019-10-09T16:15:13.763Z","related":["CGA-8ww8-847h-m749","SUSE-SU-2019:1407-1","SUSE-SU-2019:14074-1","SUSE-SU-2019:1449-1","SUSE-SU-2019:2502-1","openSUSE-SU-2019:1533-1","openSUSE-SU-2024:10650-1"],"references":[{"type":"WEB","url":"https://support.f5.com/csp/article/K74009656?utm_source=f5support&%3Butm_medium=RSS"},{"type":"ADVISORY","url":"https://kb.isc.org/docs/cve-2018-5743"},{"type":"ADVISORY","url":"https://www.synology.com/security/advisory/Synology_SA_19_20"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.isc.org/isc-projects/bind9","events":[{"introduced":"3514c49b2fbcdf95b2735878e2487fce9a3ddad5"},{"last_affected":"12f71327ff796ed24752a4286fc0b3d9b21a4a57"},{"introduced":"1477c19dd9a347ee19a42dac227f299a4680506f"},{"last_affected":"4c50a8f8fb19f4f02024a24079a64358e1fcebcf"},{"introduced":"71a40862c0be867999867cd99e21c2266a5e452b"},{"last_affected":"a953e08740c2d76cd69e3e9515e14544fa3a1dda"},{"introduced":"29b3a7d84240a51099490c0f39ae537f4e0d6a7a"},{"last_affected":"6491691ac4bec0dc59e3eeba2797d65527f3bcd6"},{"introduced":"0"},{"last_affected":"1c59cea1c0e26e2da3f2afb90200bfe9f7748c03"},{"introduced":"0"},{"last_affected":"d1e053ed8dff25af8af241cf5ee2c83bd41a25ad"}],"database_specific":{"versions":[{"introduced":"9.9.0"},{"last_affected":"9.10.8"},{"introduced":"9.11.0"},{"last_affected":"9.11.6"},{"introduced":"9.12.0"},{"last_affected":"9.12.4"},{"introduced":"9.13.0"},{"last_affected":"9.13.7"},{"introduced":"0"},{"last_affected":"9.9.3-s1"},{"introduced":"0"},{"last_affected":"9.14.0"}]}}],"versions":["v9.10.0a1","v9.10.0a2","v9.10.0b1","v9.10.0b2","v9.10.0rc1","v9.10.0rc2","v9.10.1","v9.10.1b1","v9.10.1b2","v9.10.1rc1","v9.10.1rc2","v9.10.2","v9.10.2b1","v9.10.2rc1","v9.10.2rc2","v9.10.3","v9.10.3b1","v9.10.3rc1","v9.10.4","v9.10.4b1","v9.10.4b2","v9.10.4b3","v9.10.4rc1","v9.10.5","v9.10.5b1","v9.10.5rc1","v9.10.5rc2","v9.10.5rc3","v9.10.6b1","v9.10.6rc1","v9.10.7b1","v9.10.7rc1","v9.10.8","v9.10.8rc2","v9.11.0","v9.11.0a1","v9.11.0a2","v9.11.0a3","v9.11.1","v9.11.1b1","v9.11.1rc1","v9.11.1rc2","v9.11.1rc3","v9.11.2b1","v9.11.2rc1","v9.11.3b1","v9.11.3rc1","v9.11.4","v9.11.4rc2","v9.11.6","v9.11.6rc1","v9.12.0a1","v9.12.0b1","v9.12.0b2","v9.12.0rc1","v9.12.1b1","v9.12.1rc1","v9.12.2","v9.12.2rc2","v9.12.4","v9.12.4rc1","v9.13.0","v9.13.2","v9.13.3","v9.13.4","v9.13.5","v9.13.6","v9.13.7","v9.14.0","v9.14.0rc1","v9.14.0rc2","v9.14.0rc3","v9.5.0a1","v9.5.0a2","v9.5.0a3","v9.5.0a4","v9.5.0a5","v9.5.0a6","v9.7.0a1","v9.9.0","v9.9.1","v9.9.2b1","v9.9.2rc1","v9.9.3b1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-5743.json","unresolved_ranges":[{"events":[{"introduced":"11.5.2"},{"last_affected":"11.6.5"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.4"}]},{"events":[{"introduced":"13.0.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"14.0.0"},{"last_affected":"14.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.0"}]},{"events":[{"introduced":"11.5.2"},{"last_affected":"11.6.5"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.4"}]},{"events":[{"introduced":"13.0.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"14.0.0"},{"last_affected":"14.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.0"}]},{"events":[{"introduced":"11.5.2"},{"last_affected":"11.6.5"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.4"}]},{"events":[{"introduced":"13.1.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"14.0.0"},{"last_affected":"14.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.0"}]},{"events":[{"introduced":"11.5.2"},{"last_affected":"11.6.5"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.4"}]},{"events":[{"introduced":"13.0.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"14.0.0"},{"last_affected":"14.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.0"}]},{"events":[{"introduced":"11.5.2"},{"last_affected":"11.6.5"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.4"}]},{"events":[{"introduced":"13.1.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"14.0.0"},{"last_affected":"14.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.0"}]},{"events":[{"introduced":"11.5.2"},{"last_affected":"11.6.5"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.4"}]},{"events":[{"introduced":"13.0.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"14.0.0"},{"last_affected":"14.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.0"}]},{"events":[{"introduced":"11.5.2"},{"last_affected":"11.6.5"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.4"}]},{"events":[{"introduced":"13.0.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"14.0.0"},{"last_affected":"14.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.0"}]},{"events":[{"introduced":"11.5.2"},{"last_affected":"11.6.5"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.4"}]},{"events":[{"introduced":"13.0.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"14.0.0"},{"last_affected":"14.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.0"}]},{"events":[{"introduced":"11.5.2"},{"last_affected":"11.6.5"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.4"}]},{"events":[{"introduced":"13.0.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"14.0.0"},{"last_affected":"14.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.0"}]},{"events":[{"introduced":"11.5.2"},{"last_affected":"11.6.5"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.4"}]},{"events":[{"introduced":"13.0.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"14.0.0"},{"last_affected":"14.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.0"}]},{"events":[{"introduced":"11.5.2"},{"last_affected":"11.6.5"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.4"}]},{"events":[{"introduced":"13.1.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"14.0.0"},{"last_affected":"14.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.0"}]},{"events":[{"introduced":"11.5.2"},{"last_affected":"11.6.5"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.4"}]},{"events":[{"introduced":"13.1.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"14.0.0"},{"last_affected":"14.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.10.8-p1"}]},{"events":[{"introduced":"0"},{"last_affected":"9.11.5-s3"}]},{"events":[{"introduced":"0"},{"last_affected":"9.11.5-s5"}]},{"events":[{"introduced":"0"},{"last_affected":"3.1.1"}]},{"events":[{"introduced":"5.0.0"},{"last_affected":"5.4.0"}]},{"events":[{"introduced":"6.0.0"},{"last_affected":"6.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"2.3.0"}]},{"events":[{"introduced":"11.5.2"},{"last_affected":"11.6.5"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.4"}]},{"events":[{"introduced":"13.1.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"14.0.0"},{"last_affected":"14.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}