vulnerability

Arch Linux: Denial of service (CVE-2018-5744)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	Oct 9, 2019	Jul 11, 2025	Nov 27, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Oct 9, 2019

Added

Jul 11, 2025

Modified

Nov 27, 2025

Description

A failure to free memory can occur when processing messages having a specific combination of EDNS options has been found in bind before 9.13.7. By exploiting this condition, an attacker can potentially cause named's memory use to grow without bounds until all memory available to the process is exhausted. Typically a server process is limited as to the amount of memory it can use but if the named process is not limited by the operating system all free memory on the server could be exhausted.

Solution

arch-linux-upgrade-latest

References

CVE-2018-5744
https://attackerkb.com/topics/CVE-2018-5744
URL-https://kb.isc.org/docs/cve-2018-5744
URL-https://security.archlinux.org/ASA-201902-25
CWE-772

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today