Nov 26, 2019 - 4:15 p.m.

CVE-2019-6477

2019-11-26 16:15:13
CWE-400
isc
web.nvd.nist.gov
345
cve-2019-6477
tcp
pipelining
resource allocation
server load
nvd
intermittent unresponsiveness

CVSS2: 5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.4
Confidence: High

EPSS: 0.017
Percentile: 87.9%

With pipelining enabled, each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem.)

Affected configurations

Nvd

Node
isc | bind | Range | 9.11.7 - 9.11.12
OR
isc | bind | Range | 9.14.1 - 9.14.7
OR
isc | bind | Range | 9.15.0 - 9.15.5
OR
isc | bind | Match | 9.11.5 s6 supported_preview
OR
isc | bind | Match | 9.11.6 p1
OR
isc | bind | Match | 9.11.6 rc1
OR
isc | bind | Match | 9.11.12 s1 supported_preview
OR
isc | bind | Match | 9.12.4 p1
OR
isc | bind | Match | 9.12.4 p2

Node
fedoraproject | fedora | Match | 30
OR
fedoraproject | fedora | Match | 31

Vendor | Product | Version | CPE
isc | bind | 9.11.5 | cpe:/a:isc:bind:9.11.5:s6:supported_preview:
isc | bind | 9.12.4 | cpe:/a:isc:bind:9.12.4:p2::
isc | bind | 9.11.12 | cpe:/a:isc:bind:9.11.12:s1:supported_preview:
isc | bind | 9.12.4 | cpe:/a:isc:bind:9.12.4:p1::
isc | bind | 9.11.6 | cpe:/a:isc:bind:9.11.6:rc1::
isc | bind | 9.11.6 | cpe:/a:isc:bind:9.11.6:p1::
isc | bind | | cpe:/a:isc:bind::::

CNA Affected

[
  {
    "product": "BIND9",
    "vendor": "ISC",
    "versions": [
      {
        "status": "affected",
        "version": "9.11.6-P1 -> 9.11.12, 9.12.4-P1 -> 9.12.4-P2, 9.14.1 -> 9.14.7, and versions 9.11.5-S6 -> 9.11.12-S1 of BIND 9 Supported Preview Edition. Versions 9.15.0 -> 9.15.5 of the BIND 9.15 development branch are also affected"
      }
    ]
  }
]
