Vulnerability Details CVE-2020-8620
In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.023
EPSS Ranking 83.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
- https://kb.isc.org/docs/cve-2020-8620
- https://security.gentoo.org/glsa/202008-19
- https://security.netapp.com/advisory/ntap-20200827-0003/
- https://usn.ubuntu.com/4468-1/
- https://www.synology.com/security/advisory/Synology_SA_20_19
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
- https://kb.isc.org/docs/cve-2020-8620
- https://security.gentoo.org/glsa/202008-19
- https://security.netapp.com/advisory/ntap-20200827-0003/
- https://usn.ubuntu.com/4468-1/
- https://www.synology.com/security/advisory/Synology_SA_20_19
Products affected by CVE-2020-8620
-
cpe:2.3:a:isc:bind:9.11.21
-
cpe:2.3:a:isc:bind:9.11.3
-
cpe:2.3:a:isc:bind:9.15.6
-
cpe:2.3:a:isc:bind:9.16.0
-
cpe:2.3:a:isc:bind:9.16.1
-
cpe:2.3:a:isc:bind:9.16.2
-
cpe:2.3:a:isc:bind:9.16.3
-
cpe:2.3:a:isc:bind:9.16.4
-
cpe:2.3:a:isc:bind:9.16.5
-
cpe:2.3:a:isc:bind:9.17.0
-
cpe:2.3:a:isc:bind:9.17.1
-
cpe:2.3:a:isc:bind:9.17.2
-
cpe:2.3:a:isc:bind:9.17.3
-
cpe:2.3:a:isc:bind:9.9.12
-
cpe:2.3:a:isc:bind:9.9.13
-
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:opensuse:leap:15.1
-
cpe:2.3:o:opensuse:leap:15.2