CVE-2020-8620

CWE-617 — Reachable Assertion CWE-400 — Uncontrolled Resource Consumption10 documents9 sources

Severity

7.5HIGH

EPSS

8.4%

top 7.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind9 ISC Bind Canonical Ubuntu Linux +1 more

Timeline

PublishedAug 21

Latest updateMay 24

Description

In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5isc/bind99.15.6 — *

▶Debianbind9< 1:9.16.6-1+3

▶Ubuntubind9< 1:9.10.3.dfsg.P4-8ubuntu1.17+2

▶NVDisc/bind9.15.6 — 9.16.5+5

▶NVDopensuse/leap15.1, 15.2+1

Also affects: Ubuntu Linux 12.04, 16.04, 18.04

🔴Vulnerability Details

GHSA

GHSA-p5fp-cw6q-m6xc: In BIND 9↗2022-05-24

▶

OSV

bind9 vulnerabilities↗2020-08-21

▶

CVEList

CVE-2020-8620: In BIND 9↗2020-08-21

▶

OSV

CVE-2020-8620: In BIND 9↗2020-08-21

▶

📋Vendor Advisories

Ubuntu

Bind vulnerabilities↗2020-08-21

▶

Red Hat

bind: A specially crafted large TCP payload can trigger an assertion failure in tcpdns.c↗2020-08-20

▶

Microsoft

In BIND 9.15.6 -> 9.16.5 9.17.0 -> 9.17.3 An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure causing the ↗2020-08-11

▶

Debian

CVE-2020-8620: bind9 - In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP ...↗2020

▶

💬Community

Bugzilla

CVE-2020-8620 bind: A specially crafted large TCP payload can trigger an assertion failure in tcpdns.c↗2020-08-18

▶