A vulnerability in ISC BIND can cause the server to fail to enforce its limit on the number of concurrent TCP clients, a limit intended to prevent resource exhaustion. The failure can occur when a BIND server with TCP-pipelining enabled receives a large number of DNS requests over a single TCP connection from one client.
Versions earlier than BIND 9.11.0 have not been evaluated by the Internet Systems Consortium (ISC) for this vulnerability, so it is not known whether they are also affected. As a precaution, users should upgrade their BIND installations to the latest available versions.
The vulnerability could lead to a denial of service condition on an affected system.
Internet Systems Consortium (ISC) has released the following patches to solve the problem:
http://www.isc.org/downloads/
System administrators may also disable TCP-pipelining on the BIND server as a workaround until the patch can be applied.
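As an added illustration (not part of the original advisory), the named.conf fragment below shows a BIND 9.11+ options block with the per-server TCP client limit alongside the `keep-response-order { any; }` setting, which is the BIND option that disables TCP-pipelining for all clients; the option name and the zone name are not taken from this page, and the limit value is a constructed example.

```conf
// Added example, not configuration from the advisory.
// Assumes BIND 9.11 or later, where keep-response-order exists.
options {
    directory "/var/cache/bind";

    // Upper bound on simultaneous TCP clients (constructed value).
    // With TCP-pipelining enabled, one connection can carry many
    // in-flight queries and this bound is not effectively enforced
    // on affected versions.
    tcp-clients 150;

    // Workaround: force responses to be returned in the order the
    // queries arrived, which disables TCP-pipelining for every client.
    // Remove or narrow this once the patched release is installed.
    keep-response-order { any; };
};

zone "example.test" {
    type master;
    file "/etc/bind/db.example.test";  // constructed path
};
```

After editing, validate the syntax with `named-checkconf` and reload the server, then confirm the number of TCP connections per client stays within the configured limit under load.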
System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://kb.isc.org/docs/cve-2019-6477
https://www.hkcert.org/my_url/en/alert/19112102
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6477