DNS: ISC BIND EDNS0 Key-Tag Memory Leak Denial of Service

This signature detects attempts to exploit a known vulnerability against ISC BIND Server. A successful attack can lead to Denial of Service.

Extended Description

A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected.

Affected Products

Isc bind

References

CVE: CVE-2018-5744

Short Name
DNS:BIND-EDNS-DOS
Severity
Major
Recommended
True
Recommended Action
Drop
Category
DNS
Keywords
BIND CVE-2018-5744 Denial EDNS0 ISC Key-Tag Leak Memory Service of
Release Date
03/13/2019
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3415
False Positive
Unknown
Vendors

Isc

CVSS Score

5.0

Found a potential security threat?