Unrated severityNVD Advisory· Published Jun 17, 2020· Updated Sep 16, 2024

A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer

CVE-2020-8618

Description

An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.

Affected products

osv-coords38 versions
pkg:apk/chainguard/bind pkg:apk/chainguard/bind-dev pkg:apk/chainguard/bind-dnssec-root pkg:apk/chainguard/bind-dnssec-tools pkg:apk/chainguard/bind-doc pkg:apk/chainguard/bind-libs pkg:apk/chainguard/bind-plugins pkg:apk/chainguard/bind-tools pkg:apk/wolfi/bind pkg:apk/wolfi/bind-dev pkg:apk/wolfi/bind-dnssec-root pkg:apk/wolfi/bind-dnssec-tools pkg:apk/wolfi/bind-doc pkg:apk/wolfi/bind-libs pkg:apk/wolfi/bind-plugins pkg:apk/wolfi/bind-tools pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/bind&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/libuv&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/libuv&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/sysuser-tools&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/sysuser-tools&distro=openSUSE%20Leap%2015.2 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2 pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015
< 0+ 37 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 9.16.6-lp151.11.9.1
- (no CPE)range: < 9.16.6-lp152.14.3.1
- (no CPE)range: < 9.16.20-1.4
- (no CPE)range: < 1.18.0-lp151.3.3.1
- (no CPE)range: < 1.18.0-lp152.4.3.1
- (no CPE)range: < 2.0-lp151.4.3.1
- (no CPE)range: < 2.0-lp152.5.3.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
ISC/BIND9v5
Range: 9.16.0 -> 9.16.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.htmlmitrevendor-advisoryx_refsource_SUSE
usn.ubuntu.com/4399-1/mitrevendor-advisoryx_refsource_UBUNTU
kb.isc.org/docs/cve-2020-8618mitrex_refsource_CONFIRM
security.netapp.com/advisory/ntap-20200625-0003/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000