ByteOS Network

NVD Vulnerability Details :

CVE-2019-6477

Modified

Source-security-officer@isc.org

Published At-26 Nov, 2019 | 16:15

Updated At-07 Nov, 2023 | 03:13

With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P

CPE Matches

Internet Systems Consortium, Inc.

>>bind>>Versions from 9.11.7(inclusive) to 9.11.12(inclusive)

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*

Internet Systems Consortium, Inc.

>>bind>>Versions from 9.14.1(inclusive) to 9.14.7(inclusive)

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*

Internet Systems Consortium, Inc.

>>bind>>Versions from 9.15.0(inclusive) to 9.15.5(inclusive)

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*

Internet Systems Consortium, Inc.

>>bind>>9.11.5

cpe:2.3:a:isc:bind:9.11.5:s6:*:*:supported_preview:*:*:*

Internet Systems Consortium, Inc.

>>bind>>9.11.6

cpe:2.3:a:isc:bind:9.11.6:p1:*:*:*:*:*:*

Internet Systems Consortium, Inc.

>>bind>>9.11.6

cpe:2.3:a:isc:bind:9.11.6:rc1:*:*:*:*:*:*

Internet Systems Consortium, Inc.

>>bind>>9.11.12

cpe:2.3:a:isc:bind:9.11.12:s1:*:*:supported_preview:*:*:*

Internet Systems Consortium, Inc.

>>bind>>9.12.4

cpe:2.3:a:isc:bind:9.12.4:p1:*:*:*:*:*:*

Internet Systems Consortium, Inc.

>>bind>>9.12.4

cpe:2.3:a:isc:bind:9.12.4:p2:*:*:*:*:*:*

Fedora Project

>>fedora>>30

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Fedora Project

>>fedora>>31

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-400	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html	security-officer@isc.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html	security-officer@isc.org	N/A
https://kb.isc.org/docs/cve-2019-6477	security-officer@isc.org	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3DEMNZMKR57VQJCG5ZN55ZGTQRL2TFQ/	security-officer@isc.org	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGURMGQHX45KR4QDRCSUQHODUFOGNGAN/	security-officer@isc.org	N/A
https://support.f5.com/csp/article/K15840535?utm_source=f5support&amp%3Butm_medium=RSS	security-officer@isc.org	N/A
https://www.debian.org/security/2020/dsa-4689	security-officer@isc.org	N/A
https://www.synology.com/security/advisory/Synology_SA_19_39	security-officer@isc.org	Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History