CVE-2020-8618

CWE-617: Reachable Assertion | 10 documents | 9 sources
Severity: 4.9 MEDIUM
EPSS: 1.3% (top 20.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 17 | Latest update May 24

Description

An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.2 | Impact: 3.6

Affected Packages (5 packages)

Debian | bind9 | < 1:9.16.4-1 +3
Ubuntu | bind9 | < 1:9.16.1-0ubuntu2.2
NVD | isc/bind | 9.16.0 -> 9.16.3
CVEListV5 | isc/bind9 | 9.16.0 -> 9.16.3
NVD | opensuse/leap | 15.1, 15.2 +1

Also affects: Ubuntu Linux 20.04

🔴 Vulnerability Details (4)

GHSA | GHSA-2c3j-p34f-v2cr: An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a sp | 2022-05-24
CVEList | A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer | 2020-06-17
OSV | CVE-2020-8618: An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a sp | 2020-06-17
OSV | bind9 vulnerabilities | 2020-06-17

📋 Vendor Advisories (4)

Ubuntu | Bind vulnerabilities | 2020-06-17
Red Hat | bind: A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer | 2020-06-17
Microsoft | A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer | 2020-06-09
Debian | CVE-2020-8618: bind9 - An attacker who is permitted to send zone data to a server via zone transfer can... | 2020

💬 Community (1)

Bugzilla | CVE-2020-8618 bind: A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer | 2020-06-16
CVE-2020-8618 (MEDIUM CVSS 4.9) | An attacker who is permitted to sen | cvebase.io