CVE-2020-8621
Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.
En BIND versiones 9.14.0 -) 9.16.5, 9.17.0 -) 9.17.3, si un servidor está configurado con minimización de QNAME y "forward first", entonces un atacante que pueda enviarle consultas puede ser capaz de desencadenar la condición que causará que el servidor se bloquee. Los servidores con "forward only" no están afectados.
Emanuel Almeida discovered that Bind incorrectly handled certain TCP payloads. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. Joseph Gullo discovered that Bind incorrectly handled QNAME minimization when used in certain configurations. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-02-05 CVE Reserved
- 2020-08-21 CVE Published
- 2024-09-16 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-617: Reachable Assertion
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
https://security.netapp.com/advisory/ntap-20200827-0003 | Third Party Advisory |
|
https://www.synology.com/security/advisory/Synology_SA_20_19 | Third Party Advisory |
|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html | 2022-04-28 | |
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html | 2022-04-28 | |
https://kb.isc.org/docs/cve-2020-8621 | 2022-04-28 | |
https://security.gentoo.org/glsa/202008-19 | 2022-04-28 | |
https://usn.ubuntu.com/4468-1 | 2022-04-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | >= 9.14.0 <= 9.16.5 Search vendor "Isc" for product "Bind" and version " >= 9.14.0 <= 9.16.5" | - |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | >= 9.17.0 <= 9.17.3 Search vendor "Isc" for product "Bind" and version " >= 9.17.0 <= 9.17.3" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.2 Search vendor "Opensuse" for product "Leap" and version "15.2" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | esm |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04" | lts |
Affected
| ||||||
Synology Search vendor "Synology" | Dns Server Search vendor "Synology" for product "Dns Server" | < 2.2.2-5027 Search vendor "Synology" for product "Dns Server" and version " < 2.2.2-5027" | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Steelstore Cloud Integrated Storage Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage" | - | - |
Affected
|