CVE-2019-6477

Published: Nov 26, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).

Affected (11)

Products: Isc: Bind · Fedoraproject: Fedora

1 product

1 product

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Isc Bind	From 9.11.7 to 9.11.12
Isc Bind	From 9.14.1 to 9.14.7
Isc Bind	From 9.15.0 to 9.15.5
Isc Bind	Version 9.11.12 s1
Isc Bind	Version 9.11.5 s6
Isc Bind	Version 9.11.6 p1
Isc Bind	Version 9.11.6 rc1
Isc Bind	Version 9.12.4 p1
Isc Bind	Version 9.12.4 p2

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 30
Fedoraproject Fedora	Version 31

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (16)

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html

Source: security-officer@isc.org

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html

Source: security-officer@isc.org

https://kb.isc.org/docs/cve-2019-6477

Source: security-officer@isc.org

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3DEMNZMKR57VQJCG5ZN55ZGTQRL2TFQ/

Source: security-officer@isc.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGURMGQHX45KR4QDRCSUQHODUFOGNGAN/

Source: security-officer@isc.org

https://support.f5.com/csp/article/K15840535?utm_source=f5support&amp%3Butm_medium=RSS

Source: security-officer@isc.org

https://www.debian.org/security/2020/dsa-4689

Source: security-officer@isc.org

https://www.synology.com/security/advisory/Synology_SA_19_39

Source: security-officer@isc.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://kb.isc.org/docs/cve-2019-6477

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3DEMNZMKR57VQJCG5ZN55ZGTQRL2TFQ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGURMGQHX45KR4QDRCSUQHODUFOGNGAN/

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.f5.com/csp/article/K15840535?utm_source=f5support&amp%3Butm_medium=RSS

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2020/dsa-4689

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.synology.com/security/advisory/Synology_SA_19_39

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.