CVE-2020-8618 - An attacker who is permitted to send zone data to a server via zone transfer can exploit this to int

CVE-2020-8618

Summary

An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.

References

Vulnerable Configurations

cpe:2.3:a:isc:bind:9.16.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.16.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.16.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.16.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.16.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.16.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.16.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.16.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

CVSS

Base:	4.0 (as of 07-10-2022 - 13:08)
Impact:
Exploitability:

CWE

CWE-617

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:N/A:P

refmap via4

confirm	https://kb.isc.org/docs/cve-2020-8618 https://security.netapp.com/advisory/ntap-20200625-0003/
suse	openSUSE-SU-2020:1699 openSUSE-SU-2020:1701
ubuntu	USN-4399-1

Last major update

07-10-2022 - 13:08

Published

17-06-2020 - 22:15

Last modified

07-10-2022 - 13:08