CVSS: 5.9EPSS: 0%CPEs: 109EXPL: 0CVE-2019-6471 – A race condition when discarding malformed packets can cause BIND to exit with an assertion failure
https://notcve.org/view.php?id=CVE-2019-6471
A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1. Una condición de carrera que puede presentarse al descartar paquetes malformados puede provocar la salida de BIND debido a un fallo de aserción de REQUIRE en el archivo dispatch.c. Versiones afectadas: BIND 9.11.0 hasta 9.11.7, 9.12.0 hasta 9.12.4-P1, 9.14.0 hasta 9.14.2. • https://kb.isc.org/docs/cve-2019-6471 https://support.f5.com/csp/article/K10092301?utm_source=f5support&%3Butm_medium=RSS https://access.redhat.com/security/cve/CVE-2019-6471 https://bugzilla.redhat.com/show_bug.cgi?id=1721780 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-617: Reachable Assertion •
CVSS: 8.6EPSS: 0%CPEs: 78EXPL: 0CVE-2018-5743 – Limiting simultaneous TCP clients was ineffective
https://notcve.org/view.php?id=CVE-2018-5743
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. • https://kb.isc.org/docs/cve-2018-5743 https://support.f5.com/csp/article/K74009656?utm_source=f5support&%3Butm_medium=RSS https://www.synology.com/security/advisory/Synology_SA_19_20 https://access.redhat.com/security/cve/CVE-2018-5743 https://bugzilla.redhat.com/show_bug.cgi?id=1702541 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 2%CPEs: 16EXPL: 0CVE-2018-5744 – A specially crafted packet can cause named to leak memory
https://notcve.org/view.php?id=CVE-2018-5744
A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Se puede presentar un fallo al liberar memoria cuando se procesan mensajes que tienen una combinación específica de opciones EDNS. Las versiones afectadas son: BIND 9.10.7 hasta 9.10.8-P1, 9.11.3 hasta 9.11.5-P1, 9.12.0 hasta 9.12.3-P1, y las versiones 9.10.7-S1 hasta 9.11.5-S3 de BIND 9 Supported Preview Edition. • https://kb.isc.org/docs/cve-2018-5744 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 4.9EPSS: 0%CPEs: 12EXPL: 0CVE-2018-5745 – An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys
https://notcve.org/view.php?id=CVE-2018-5745
"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745. • https://access.redhat.com/errata/RHSA-2019:3552 https://kb.isc.org/docs/cve-2018-5745 https://access.redhat.com/security/cve/CVE-2018-5745 https://bugzilla.redhat.com/show_bug.cgi?id=1679303 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-617: Reachable Assertion •
CVSS: 5.3EPSS: 0%CPEs: 15EXPL: 0CVE-2019-6465 – Zone transfer controls for writable DLZ zones were not effective
https://notcve.org/view.php?id=CVE-2019-6465
Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465. Los controles para las transferencias de zona pueden no ser aplicados correctamente en Dynamically Loadable Zones (DLZs) si las zonas son grabables. Versiones afectadas: BIND 9.9.0 hasta 9.10.8-P1, 9.11.0 hasta 9.11.5-P2, 9.12.0 hasta 9.12.3-P2, y versiones 9.9.3-S1 hasta 9.11.5-S3 de BIND 9 Supported Preview Edition. • https://access.redhat.com/errata/RHSA-2019:3552 https://kb.isc.org/docs/cve-2019-6465 https://access.redhat.com/security/cve/CVE-2019-6465 https://bugzilla.redhat.com/show_bug.cgi?id=1679304 • CWE-284: Improper Access Control CWE-732: Incorrect Permission Assignment for Critical Resource •