5
CVSSv2

CVE-2019-6477

Published: 26/11/2019 Updated: 20/05/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

It exists that Bind incorrectly handled certain TCP-pipelined queries. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service.

Vulnerability Trend

Affected Products

Vendor Product Versions
IscBind9.11.5, 9.11.6, 9.11.7, 9.11.8, 9.11.9, 9.11.10, 9.11.11, 9.11.12, 9.12.4, 9.14.1, 9.14.2, 9.14.3, 9.14.4, 9.14.5, 9.14.6, 9.14.7, 9.15.0, 9.15.1, 9.15.2, 9.15.3, 9.15.4, 9.15.5
FedoraprojectFedora30, 31

Vendor Advisories

Synopsis Moderate: bind security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for bind is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ( ...
Bind could be made to consume resources if it received specially crafted network traffic ...
Debian Bug report logs - #945171 bind9: CVE-2019-6477: TCP-pipelined queries can bypass tcp-clients limit Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 20 Nov 2019 20:15:02 UTC Severity: grave Tags: secur ...
Synopsis Moderate: bind security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for bind is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base sco ...
Synopsis Moderate: OpenShift Container Platform 4310 openshift-enterprise-hyperkube-container security update Type/Severity Security Advisory: Moderate Topic An update for openshift-enterprise-hyperkube-container is now available for Red Hat OpenShift Container Platform 43Red Hat Product Security has ra ...
Several vulnerabilities were discovered in BIND, a DNS server implementation CVE-2019-6477 It was discovered that TCP-pipelined queries can bypass tcp-client limits resulting in denial of service CVE-2020-8616 It was discovered that BIND does not sufficiently limit the number of fetches performed when processing referrals An att ...
Support My AccountForcepoint Support Site Guest User (Logout)Community My Account Visitor(login)Community CVE-2019-6477 (BIND) Article Number: 000017854 Products: Sidewinder Version: 83, 70 ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] bind (SSA:2019-324-01) New bind packages are available for Slackware 140, 141, 142, and -current to fix a security issue Here are the details from the Slackware 142 ChangeLog: +--------------------------+ patches/packages/bind-91113-i586-1_slack142txz: Upgraded Thi ...
Today (2019-11-20) ISC announced a vulnerability in our BIND 9 software CVE-2019-6477, TCP-pipelined queries can bypass tcp-clients limit This issue affects BIND 911, BIND 914, and BIND 915 Our full CVE text can be found at: kbiscorg/docs/cve-2019-6477 New releases of BIND, including security fixes for this vulnerability, ...

Github Repositories