Lucene search

[email protected]CVE-2020-8621

HistoryAug 21, 2020 - 9:15 p.m.

CVE-2020-8621

2020-08-2121:15:00

CWE-617

[email protected]

web.nvd.nist.gov

199

cve-2020-8621

bind

dns

vulnerability

server crash

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.007 Low

EPSS

Percentile

80.6%

JSON

In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and ‘forward first’ then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that ‘forward only’ are not affected.

CPENameOperatorVersion
isc:bindisc bindle9.17.3
isc:bindisc bindle9.16.5
opensuse:leapopensuse leapeq15.1
opensuse:leapopensuse leapeq15.2
canonical:ubuntu_linuxcanonical ubuntu linuxeq18.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq20.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq16.04
synology:dns_serversynology dns serverlt2.2.2-5027
netapp:steelstore_cloud_integrated_storagenetapp steelstore cloud integrated storageeq-

CPE	Name	Operator	Version
isc:bind	isc bind	le	9.17.3
isc:bind	isc bind	le	9.16.5
opensuse:leap	opensuse leap	eq	15.1
opensuse:leap	opensuse leap	eq	15.2
canonical:ubuntu_linux	canonical ubuntu linux	eq	18.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	20.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	16.04
synology:dns_server	synology dns server	lt	2.2.2-5027
netapp:steelstore_cloud_integrated_storage	netapp steelstore cloud integrated storage	eq	-