Lucene search

[email protected]CVE-2020-8623

HistoryAug 21, 2020 - 9:15 p.m.

CVE-2020-8623

2020-08-2121:15:00

CWE-617

[email protected]

web.nvd.nist.gov

373

cve-2020-8623

bind 9

vulnerability

nvd

dns

security

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.023 Low

EPSS

Percentile

89.5%

JSON

In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with “–enable-native-pkcs11” * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker

CPENameOperatorVersion
isc:bindisc bindle9.17.3
isc:bindisc bindle9.16.5
isc:bindisc bindle9.11.21
isc:bindisc bindeq9.10.5
fedoraproject:fedorafedoraproject fedoraeq31
fedoraproject:fedorafedoraproject fedoraeq32
opensuse:leapopensuse leapeq15.1
opensuse:leapopensuse leapeq15.2
debian:debian_linuxdebian debian linuxeq9.0
debian:debian_linuxdebian debian linuxeq10.0

CPE	Name	Operator	Version
isc:bind	isc bind	le	9.17.3
isc:bind	isc bind	le	9.16.5
isc:bind	isc bind	le	9.11.21
isc:bind	isc bind	eq	9.10.5
fedoraproject:fedora	fedoraproject fedora	eq	31
fedoraproject:fedora	fedoraproject fedora	eq	32
opensuse:leap	opensuse leap	eq	15.1
opensuse:leap	opensuse leap	eq	15.2
debian:debian_linux	debian debian linux	eq	9.0
debian:debian_linux	debian debian linux	eq	10.0