CVE-2020-8622

A truncated TSIG response can lead to an assertion failure

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.

En BIND versiones 9.0.0 -) 9.11.21, 9.12.0 -) 9.16.5, 9.17.0 -) 9.17.3, también afecta a versiones 9.9.3-S1 -) 9.11.21-S1 de BIND 9 Supported Preview Edition, un atacante sobre la ruta de la red para una petición firmada por TSIG, u operando el servidor que recibe la petición firmada por TSIG, podría enviar una respuesta truncada a esa petición, desencadenando un fallo de aserción y causando que el servidor salga. Alternativamente, un atacante fuera de la ruta tendría que adivinar correctamente cuándo fue enviada una petición firmada por TSIG, junto con otras características del paquete y mensaje, y falsificar una respuesta truncada para desencadenar un fallo de aserción, causando la salida del servidor.

A flaw was found in bind. An assertion failure can occur when trying to verify a truncated response to a TSIG-signed request. The highest threat from this vulnerability is to system availability.

*Credits: ISC would like to thank Dave Feldman, Jeff Warren, and Joel Cunningham of Oracle for bringing this vulnerability to our attention.

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-02-05 CVE Reserved
2020-08-21 CVE Published
2024-07-11 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-400: Uncontrolled Resource Consumption
CWE-617: Reachable Assertion

CAPEC

References (15)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html	Mailing List
https://security.netapp.com/advisory/ntap-20200827-0003	Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_20_19	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://www.oracle.com/security-alerts/cpuoct2021.html	2023-11-07

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html	2023-11-07
https://kb.isc.org/docs/cve-2020-8622	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP	2023-11-07
https://security.gentoo.org/glsa/202008-19	2023-11-07
https://usn.ubuntu.com/4468-1	2023-11-07
https://usn.ubuntu.com/4468-2	2023-11-07
https://www.debian.org/security/2020/dsa-4752	2023-11-07
https://access.redhat.com/security/cve/CVE-2020-8622	2020-11-24
https://bugzilla.redhat.com/show_bug.cgi?id=1869473	2020-11-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				>= 9.0.0 <= 9.11.21 Search vendor "Isc" for product "Bind" and version " >= 9.0.0 <= 9.11.21"		-		Affected
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				>= 9.12.0 <= 9.16.5 Search vendor "Isc" for product "Bind" and version " >= 9.12.0 <= 9.16.5"		-		Affected
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				>= 9.17.0 <= 9.17.3 Search vendor "Isc" for product "Bind" and version " >= 9.17.0 <= 9.17.3"		-		Affected
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				9.9.3 Search vendor "Isc" for product "Bind" and version "9.9.3"		s1, supported_preview		Affected
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				9.11.21 Search vendor "Isc" for product "Bind" and version "9.11.21"		s1, supported_preview		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				31 Search vendor "Fedoraproject" for product "Fedora" and version "31"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				32 Search vendor "Fedoraproject" for product "Fedora" and version "32"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		esm		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		esm		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04"		lts		Affected
Netapp Search vendor "Netapp"		Steelstore Cloud Integrated Storage Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage"				-		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.1 Search vendor "Opensuse" for product "Leap" and version "15.1"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.2 Search vendor "Opensuse" for product "Leap" and version "15.2"		-		Affected
Synology Search vendor "Synology"		Dns Server Search vendor "Synology" for product "Dns Server"				< 2.2.2-5028 Search vendor "Synology" for product "Dns Server" and version " < 2.2.2-5028"		-		Affected
Oracle Search vendor "Oracle"		Communications Diameter Signaling Router Search vendor "Oracle" for product "Communications Diameter Signaling Router"				>= 8.0.0 <= 8.5.0 Search vendor "Oracle" for product "Communications Diameter Signaling Router" and version " >= 8.0.0 <= 8.5.0"		-		Affected