CVE-2019-6477

Priority
Description
With pipelining enabled, each incoming query on a TCP connection requires a
resource allocation similar to that of a query received via UDP or via TCP without
pipelining enabled. A client using a TCP-pipelined connection to a server
could consume more resources than the server has been provisioned to
handle. When a TCP connection with a large number of pipelined queries is
closed, the load on the server releasing these multiple resources can cause
it to become unresponsive, even for queries that can be answered
authoritatively or from cache. (This is most likely to be perceived as an
intermittent server problem.)
Assigned-to
mdeslaur
Notes
mdeslaur: introduced in https://github.com/isc-projects/bind9/commit/761d135ed686601f36fe3d0d4aaa6bf41287bb0f
Package
Source: bind9 (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): released (1:9.11.3+dfsg-1ubuntu1.11)
Ubuntu 19.04 (Disco Dingo): released (1:9.11.5.P1+dfsg-1ubuntu2.6)
Ubuntu 19.10 (Eoan Ermine): released (1:9.11.5.P4+dfsg-5.1ubuntu2.1)
Ubuntu 20.04 (Focal Fossa): released (1:9.11.5.P4+dfsg-5.1ubuntu4)

Updated: 2019-12-05 21:10:12 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)