CVEs-PoC/2018/CVE-2018-5744.md

### [CVE-2018-5744](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5744)
![](https://img.shields.io/static/v1?label=Product&message=BIND%209&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=BIND%209BIND%209.10.7%20-%3E%209.10.8-P1%2C%209.11.3%20-%3E%209.11.5-P1%2C%209.12.0%20-%3E%209.12.3-P1%2C%20and%20versions%209.10.7-S1%20-%3E%209.11.5-S3%20of%20BIND%209%20Supported%20Preview%20Edition.%20Versions%209.13.0%20-%3E%209.13.6%20of%20the%209.13%20development%20branch%20are%20also%20affected.%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=By%20exploiting%20this%20condition%2C%20an%20attacker%20can%20potentially%20cause%20named's%20memory%20use%20to%20grow%20without%20bounds%20until%20all%20memory%20available%20to%20the%20process%20is%20exhausted.%20Typically%20a%20server%20process%20is%20limited%20as%20to%20the%20amount%20of%20memory%20it%20can%20use%20but%20if%20the%20named%20process%20is%20not%20limited%20by%20the%20operating%20system%20all%20free%20memory%20on%20the%20server%20could%20be%20exhausted.&color=brighgreen)

### Description

A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/HJXSaber/bind9-my
- https://github.com/balabit-deps/balabit-os-8-bind9-libs
- https://github.com/balabit-deps/balabit-os-9-bind9-libs
- https://github.com/pexip/os-bind9
- https://github.com/pexip/os-bind9-libs
- https://github.com/psmedley/bind-os2
- https://github.com/sischkg/dnsonsen_advent_calendar