What is CVE-2019-6477?

CVE-2019-6477 is a high-severity vulnerability in Isc Bind9. CVSS score: 7.5/10. Published 2019-11-26.

How severe is CVE-2019-6477?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2019-6477 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Isc Bind9

CVE-2019-6477

With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume m…

EPSS: 0.057 (90.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Isc Bind9 — versions 9.11.6-P1 -> 9.11.12, 9.12.4-P1 -> 9.12.4-P2, 9.14.1 -> 9.14.7, and versions 9.11.5-S6 -> 9.11.12-S1 of BIND 9 Supported Preview Edition. Versions 9.15.0 -> 9.15.5 of the BIND 9.15 development branch are also affected

Public proof-of-concept exploits

References

kb.isc.org/docs/cve-2019-6477 (x_refsource_CONFIRM)
www.synology.com/security/advisory/Synology_SA_19_39 (x_refsource_CONFIRM)
FEDORA-2019-73a8737068 (vendor-advisory, x_refsource_FEDORA)
support.f5.com/csp/article/K15840535 (x_refsource_CONFIRM)
FEDORA-2019-c703d2304a (vendor-advisory, x_refsource_FEDORA)
DSA-4689 (vendor-advisory, x_refsource_DEBIAN)
openSUSE-SU-2020:1699 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2020:1701 (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2019-6477?: CVE-2019-6477 is a high-severity vulnerability in Isc Bind9. CVSS score: 7.5/10. Published 2019-11-26.
How severe is CVE-2019-6477?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2019-6477 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.