CVE-2019-6471

CWE-362 — Race Condition CWE-617 — Reachable Assertion9 documents8 sources

Severity

5.9MEDIUM

EPSS

1.4%

top 19.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics +15 more

Timeline

PublishedOct 9

Latest updateMay 24

Description

A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages19 packages

▶Debianbind9< 1:9.11.5.P4+dfsg-5.1+3

▶NVDisc/bind9.11.0 — 9.11.7+7

▶CVEListV5isc/bind_9BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1.

▶NVDf5/big-ip_analytics11.5.2 — 11.5.9+6

▶NVDf5/big-ip_edge_gateway11.5.2 — 11.5.9+6

🔴Vulnerability Details

GHSA

GHSA-52fp-qxmc-8q94: A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch↗2022-05-24

▶

OSV

CVE-2019-6471: A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch↗2019-10-09

▶

CVEList

A race condition when discarding malformed packets can cause BIND to exit with an assertion failure↗2019-10-09

▶

📋Vendor Advisories

Ubuntu

Bind vulnerability↗2019-06-20

▶

Red Hat

bind: Race condition when discarding malformed packets can cause bind to exit with assertion failure↗2019-06-19

▶

Debian

CVE-2019-6471: bind9 - A race condition which may occur when discarding malformed packets can result in...↗2019

▶

💬Community

Bugzilla

CVE-2019-6471 bind: Race condition when discarding malformed packets can cause bind to exit with assertion failure [fedora-all]↗2019-06-20

▶

Bugzilla

CVE-2019-6471 bind: Race condition when discarding malformed packets can cause bind to exit with assertion failure↗2019-06-19

▶

External resources

NVD MITRE

Affected products18

F5 Big-ip Access Policy Manager≥ 11.5.2, ≤ 11.5.9≥ 11.6.1, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4+4 more

F5 Big-ip Advanced Firewall Manager≥ 11.5.2, ≤ 11.5.9≥ 11.6.1, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4+4 more

F5 Big-ip Analytics≥ 11.5.2, ≤ 11.5.9≥ 11.6.1, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4+4 more

F5 Big-ip Application Acceleration Manager≥ 11.5.2, ≤ 11.5.9≥ 11.6.1, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4+4 more

F5 Big-ip Application Security Manager≥ 11.5.2, ≤ 11.5.9≥ 11.6.1, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4+4 more

F5 Big-ip Domain Name System≥ 11.5.2, ≤ 11.5.9≥ 11.6.1, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4+5 more

F5 Big-ip Edge Gateway≥ 11.5.2, ≤ 11.5.9≥ 11.6.1, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4+4 more

F5 Big-ip Fraud Protection Service≥ 11.5.2, ≤ 11.5.9≥ 11.6.1, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4+4 more

F5 Big-ip Global Traffic Manager≥ 11.5.2, ≤ 11.5.9≥ 11.6.1, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4+5 more

F5 Big-ip Link Controller≥ 11.5.2, ≤ 11.5.9≥ 11.6.1, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4+5 more

Disclosure

PublishedOct 9, 2019

Latest updateMay 24, 2022