CVE-2020-0836 — Improper Input Validation in Microsoft Windows Server 2008 R2 Service Pack 1
Severity
7.5HIGHNVD
EPSS
16.2%
top 5.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 11
Latest updateMay 24
Description
A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive.
To exploit the vulnerability, an authenticated attacker could send malicious DNS queries to a target, resulting in a denial of service.
The update addresses the vulnerability by correcting how Windows DNS processes queries.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages18 packages
Patches
🔴Vulnerability Details
2GHSA▶
GHSA-pf2q-6q6p-25p9: A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'↗2022-05-24
GHSA▶
GHSA-h78g-2jmr-346w: A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'↗2022-05-24