CVE-2020-8620 - In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the

CVE-2020-8620

Summary

In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.

References

Vulnerable Configurations

cpe:2.3:a:isc:bind:9.17.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.17.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.17.0:*:*:*:-:*:*:*
cpe:2.3:a:isc:bind:9.17.0:*:*:*:-:*:*:*
cpe:2.3:a:isc:bind:9.17.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.17.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.17.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.17.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.17.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.17.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.15.6:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.15.6:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.16.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.16.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.16.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.16.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.16.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.16.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.16.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.16.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.16.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.16.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.16.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.16.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.11.3:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.11.3:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.9.12:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.9.12:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.9.13:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.9.13:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

CVSS

Base:	5.0 (as of 02-06-2022 - 20:34)
Impact:
Exploitability:

CWE

CWE-617

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

confirm	https://kb.isc.org/docs/cve-2020-8620 https://security.netapp.com/advisory/ntap-20200827-0003/ https://www.synology.com/security/advisory/Synology_SA_20_19
gentoo	GLSA-202008-19
suse	openSUSE-SU-2020:1699 openSUSE-SU-2020:1701
ubuntu	USN-4468-1

Last major update

02-06-2022 - 20:34

Published

21-08-2020 - 21:15

Last modified

02-06-2022 - 20:34