ID CVE-2020-8620
Summary In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.
References
Vulnerable Configurations
  • cpe:2.3:a:isc:bind:9.17.0:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.17.0:*:*:*:-:*:*:*
    cpe:2.3:a:isc:bind:9.17.0:*:*:*:-:*:*:*
  • cpe:2.3:a:isc:bind:9.17.1:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.17.2:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.17.2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.17.3:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.17.3:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.15.6:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.15.6:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.16.0:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.16.1:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.16.2:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.16.3:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.16.3:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.16.4:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.16.4:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.16.5:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.16.5:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.11.3:s1:*:*:supported_preview:*:*:*
    cpe:2.3:a:isc:bind:9.11.3:s1:*:*:supported_preview:*:*:*
  • cpe:2.3:a:isc:bind:9.9.12:s1:*:*:supported_preview:*:*:*
    cpe:2.3:a:isc:bind:9.9.12:s1:*:*:supported_preview:*:*:*
  • cpe:2.3:a:isc:bind:9.9.13:s1:*:*:supported_preview:*:*:*
    cpe:2.3:a:isc:bind:9.9.13:s1:*:*:supported_preview:*:*:*
  • cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:*
    cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
CVSS
Base: 5.0 (as of 02-06-2022 - 20:34)
Impact:
Exploitability:
CWE CWE-617
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
confirm
gentoo GLSA-202008-19
suse
  • openSUSE-SU-2020:1699
  • openSUSE-SU-2020:1701
ubuntu USN-4468-1
Last major update 02-06-2022 - 20:34
Published 21-08-2020 - 21:15
Last modified 02-06-2022 - 20:34
Back to Top