bind: TCP-pipelined queries can bypass tcp-clients limit (CVE-2019-6477)
ID: oval:org.secpod.oval:def:1802066 | Date: (C)2022-03-25 (M)2023-11-10 | Class: PATCH | Family: unix
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The update to this functionality introduced by CVE-2018-5743 changed how BIND calculates the number of concurrent TCP clients from counting the outstanding TCP queries to counting the TCP client connections. On a server with TCP-pipelining capability, it is possible for one TCP client to send a large number of DNS requests over a single connection. Each outstanding query will be handled internally as an independent client request, thus bypassing the new TCP clients limit.
Platform:
Alpine Linux 3.10
Alpine Linux 3.11
Alpine Linux 3.12
Alpine Linux 3.13
Alpine Linux 3.14
Alpine Linux 3.15