vulnerability

Arch Linux: Denial of service (CVE-2018-5744)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Oct 9, 2019

Added

Jul 11, 2025

Modified

Mar 25, 2026

Description

A failure to free memory can occur when processing messages having a specific combination of EDNS options has been found in bind before 9.13.7. By exploiting this condition, an attacker can potentially cause named's memory use to grow without bounds until all memory available to the process is exhausted. Typically a server process is limited as to the amount of memory it can use but if the named process is not limited by the operating system all free memory on the server could be exhausted.

Solution

arch-linux-upgrade-latest

References

CVE-2018-5744
https://attackerkb.com/topics/CVE-2018-5744
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-17513
https://kb.isc.org/docs/cve-2018-5744
https://security.archlinux.org/ASA-201902-25
CWE-772
EUVD-EUVD-2018-17513

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report