7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 High
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.023 Low
EPSS
Percentile
89.5%
Emanuel Almeida discovered that Bind incorrectly handled certain TCP
payloads. A remote attacker could possibly use this issue to cause Bind to
crash, resulting in a denial of service. This issue only affected Ubuntu
20.04 LTS. (CVE-2020-8620)
Joseph Gullo discovered that Bind incorrectly handled QNAME minimization
when used in certain configurations. A remote attacker could possibly use
this issue to cause Bind to crash, resulting in a denial of service. This
issue only affected Ubuntu 20.04 LTS. (CVE-2020-8621)
Dave Feldman, Jeff Warren, and Joel Cunningham discovered that Bind
incorrectly handled certain truncated responses to a TSIG-signed request. A
remote attacker could possibly use this issue to cause Bind to crash,
resulting in a denial of service. (CVE-2020-8622)
Lyu Chiy discovered that Bind incorrectly handled certain queries. A remote
attacker could possibly use this issue to cause Bind to crash, resulting in
a denial of service. (CVE-2020-8623)
Joop Boonen discovered that Bind incorrectly handled certain subdomain
update-policy rules. A remote attacker granted privileges to change certain
parts of a zone could use this issue to change other contents of the zone,
contrary to expectations. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-8624)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 20.04 | noarch | bind9 | < 1:9.16.1-0ubuntu2.3 | UNKNOWN |
Ubuntu | 20.04 | noarch | bind9-dbgsym | < 1:9.16.1-0ubuntu2.3 | UNKNOWN |
Ubuntu | 20.04 | noarch | bind9-dnsutils | < 1:9.16.1-0ubuntu2.3 | UNKNOWN |
Ubuntu | 20.04 | noarch | bind9-dnsutils-dbgsym | < 1:9.16.1-0ubuntu2.3 | UNKNOWN |
Ubuntu | 20.04 | noarch | bind9-doc | < 1:9.16.1-0ubuntu2.3 | UNKNOWN |
Ubuntu | 20.04 | noarch | bind9-host | < 1:9.16.1-0ubuntu2.3 | UNKNOWN |
Ubuntu | 20.04 | noarch | bind9-host-dbgsym | < 1:9.16.1-0ubuntu2.3 | UNKNOWN |
Ubuntu | 20.04 | noarch | bind9-libs | < 1:9.16.1-0ubuntu2.3 | UNKNOWN |
Ubuntu | 20.04 | noarch | bind9-libs-dbgsym | < 1:9.16.1-0ubuntu2.3 | UNKNOWN |
Ubuntu | 20.04 | noarch | bind9-utils | < 1:9.16.1-0ubuntu2.3 | UNKNOWN |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 High
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.023 Low
EPSS
Percentile
89.5%