ID CVE-2020-8618
Summary An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.
References
Vulnerable Configurations
  • cpe:2.3:a:isc:bind:9.16.0:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.16.1:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.16.2:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.16.3:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.16.3:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 20-10-2020 - 12:15)
Impact:
Exploitability:
CWE CWE-617
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:P
refmap via4
confirm
suse
  • openSUSE-SU-2020:1699
  • openSUSE-SU-2020:1701
ubuntu USN-4399-1
Last major update 20-10-2020 - 12:15
Published 17-06-2020 - 22:15
Last modified 20-10-2020 - 12:15
Back to Top