CVE-2019-6477

EUVD-2019-16037
With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
iscCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
iscbind
9.11.7 ≤
𝑥
≤ 9.11.12
iscbind
9.14.1 ≤
𝑥
≤ 9.14.7
iscbind
9.15.0 ≤
𝑥
≤ 9.15.5
iscbind
9.11.5:s6
iscbind
9.11.6:p1
iscbind
9.11.6:rc1
iscbind
9.11.12:s1
iscbind
9.12.4:p1
iscbind
9.12.4:p2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
bind9
bookworm
1:9.18.28-1~deb12u2
fixed
bookworm (security)
1:9.18.28-1~deb12u2
fixed
bullseye
1:9.16.50-1~deb11u2
fixed
bullseye (security)
1:9.16.50-1~deb11u1
fixed
jessie
not-affected
sid
1:9.20.2-1
fixed
stretch
not-affected
trixie
1:9.20.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bind9
bionic
Fixed 1:9.11.3+dfsg-1ubuntu1.11
released
disco
Fixed 1:9.11.5.P1+dfsg-1ubuntu2.6
released
eoan
Fixed 1:9.11.5.P4+dfsg-5.1ubuntu2.1
released
trusty
not-affected
xenial
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
https://kb.isc.org/docs/cve-2019-6477
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3DEMNZMKR57VQJCG5ZN55ZGTQRL2TFQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGURMGQHX45KR4QDRCSUQHODUFOGNGAN/
https://support.f5.com/csp/article/K15840535?utm_source=f5support&amp%3Butm_medium=RSS
https://www.debian.org/security/2020/dsa-4689
https://www.synology.com/security/advisory/Synology_SA_19_39
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
https://kb.isc.org/docs/cve-2019-6477
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3DEMNZMKR57VQJCG5ZN55ZGTQRL2TFQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGURMGQHX45KR4QDRCSUQHODUFOGNGAN/
https://support.f5.com/csp/article/K15840535?utm_source=f5support&amp%3Butm_medium=RSS
https://www.debian.org/security/2020/dsa-4689
https://www.synology.com/security/advisory/Synology_SA_19_39