CVE-2020-8621

CWE-617 — Reachable Assertion CWE-20 — Improper Input Validation CWE-400 — Uncontrolled Resource Consumption10 documents9 sources

Severity

7.5HIGH

EPSS

4.9%

top 10.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind9 Synology DNS Server ISC Bind +2 more

Timeline

PublishedAug 21

Latest updateMay 24

Description

In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶NVDsynology/dns_server< 2.2.2-5027

▶CVEListV5isc/bind99.14.0 — *

▶Debianbind9< 1:9.16.6-1+3

▶NVDisc/bind9.14.0 — 9.16.5+1

▶NVDopensuse/leap15.1, 15.2+1

Also affects: Ubuntu Linux 16.04, 18.04, 20.04

🔴Vulnerability Details

GHSA

GHSA-7vc6-qmjj-2j83: In BIND 9↗2022-05-24

▶

OSV

CVE-2020-8621: In BIND 9↗2020-08-21

▶

CVEList

Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c↗2020-08-21

▶

OSV

bind9 vulnerabilities↗2020-08-21

▶

📋Vendor Advisories

Ubuntu

Bind vulnerabilities↗2020-08-21

▶

Red Hat

bind: Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c↗2020-08-20

▶

Microsoft

Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c↗2020-08-11

▶

Debian

CVE-2020-8621: bind9 - In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both ...↗2020

▶

💬Community

Bugzilla

CVE-2020-8621 bind: Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c↗2020-08-18

▶