CVE-2019-6477
TCP-pipelined queries can bypass tcp-clients limit
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).
Con pipelining habilitada, cada consulta entrante en una conexión TCP requiere una asignación de recursos similar a una consulta recibida por medio de UDP o TCP sin pipelining habilitada. Un cliente que utiliza una conexión canalizada por TCP a un servidor podría consumir más recursos de los que el servidor ha sido provisionado para manejar. Cuando una conexión TCP con un gran número de consultas canalizadas se cierra, la carga en el servidor que libera estos múltiples recursos puede causar que no responda, inclusive para consultas que pueden ser respondidas con autoridad o desde la memoria caché. (Esto es muy probable que sea percibido como un problema de servidor intermitente).
A flaw was found in the way bind limited the number of TCP clients that can be connected at any given time. A remote attacker could use one TCP client to send a large number of DNS requests over a single connection, causing exhaustion of the pool of file descriptors available to named, and potentially affecting network connections and the management of files such as log files or zone journal files.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-16 CVE Reserved
- 2019-11-21 CVE Published
- 2024-03-15 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| https://kb.isc.org/docs/cve-2019-6477 | Third Party Advisory | |
| https://support.f5.com/csp/article/K15840535?utm_source=f5support&%3Butm_medium=RSS | X_refsource_confirm | |
| https://www.synology.com/security/advisory/Synology_SA_19_39 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | >= 9.11.7 <= 9.11.12 Search vendor "Isc" for product "Bind" and version " >= 9.11.7 <= 9.11.12" | - |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | >= 9.14.1 <= 9.14.7 Search vendor "Isc" for product "Bind" and version " >= 9.14.1 <= 9.14.7" | - |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | >= 9.15.0 <= 9.15.5 Search vendor "Isc" for product "Bind" and version " >= 9.15.0 <= 9.15.5" | - |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.5 Search vendor "Isc" for product "Bind" and version "9.11.5" | s6, supported_preview |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.6 Search vendor "Isc" for product "Bind" and version "9.11.6" | p1 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.6 Search vendor "Isc" for product "Bind" and version "9.11.6" | rc1 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.12 Search vendor "Isc" for product "Bind" and version "9.11.12" | s1, supported_preview |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.12.4 Search vendor "Isc" for product "Bind" and version "9.12.4" | p1 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.12.4 Search vendor "Isc" for product "Bind" and version "9.12.4" | p2 |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||