Vulnerability Details CVE-2020-8618
An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 82.7%
CVSS Severity
CVSS v3 Score 4.9
CVSS v2 Score 4.0
References
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
- https://kb.isc.org/docs/cve-2020-8618
- https://security.netapp.com/advisory/ntap-20200625-0003/
- https://usn.ubuntu.com/4399-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
- https://kb.isc.org/docs/cve-2020-8618
- https://security.netapp.com/advisory/ntap-20200625-0003/
- https://usn.ubuntu.com/4399-1/
Products affected by CVE-2020-8618
-
cpe:2.3:a:isc:bind:9.16.0
-
cpe:2.3:a:isc:bind:9.16.1
-
cpe:2.3:a:isc:bind:9.16.2
-
cpe:2.3:a:isc:bind:9.16.3
-
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-
-
cpe:2.3:o:canonical:ubuntu_linux:20.04
-
cpe:2.3:o:opensuse:leap:15.1
-
cpe:2.3:o:opensuse:leap:15.2