Unrated severityNVD Advisory· Published Aug 21, 2020· Updated Sep 17, 2024

CVE-2020-8620

Description

In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.

Affected products

osv-coords38 versions
pkg:apk/chainguard/bind pkg:apk/chainguard/bind-dev pkg:apk/chainguard/bind-dnssec-root pkg:apk/chainguard/bind-dnssec-tools pkg:apk/chainguard/bind-doc pkg:apk/chainguard/bind-libs pkg:apk/chainguard/bind-plugins pkg:apk/chainguard/bind-tools pkg:apk/wolfi/bind pkg:apk/wolfi/bind-dev pkg:apk/wolfi/bind-dnssec-root pkg:apk/wolfi/bind-dnssec-tools pkg:apk/wolfi/bind-doc pkg:apk/wolfi/bind-libs pkg:apk/wolfi/bind-plugins pkg:apk/wolfi/bind-tools pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/bind&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/libuv&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/libuv&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/sysuser-tools&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/sysuser-tools&distro=openSUSE%20Leap%2015.2 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2 pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015
< 0+ 37 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 9.16.6-lp151.11.9.1
- (no CPE)range: < 9.16.6-lp152.14.3.1
- (no CPE)range: < 9.16.20-1.4
- (no CPE)range: < 1.18.0-lp151.3.3.1
- (no CPE)range: < 1.18.0-lp152.4.3.1
- (no CPE)range: < 2.0-lp151.4.3.1
- (no CPE)range: < 2.0-lp152.5.3.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
ISC/BIND9v5
Range: 9.15.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.htmlmitrevendor-advisoryx_refsource_SUSE
security.gentoo.org/glsa/202008-19mitrevendor-advisoryx_refsource_GENTOO
usn.ubuntu.com/4468-1/mitrevendor-advisoryx_refsource_UBUNTU
kb.isc.org/docs/cve-2020-8620mitrex_refsource_CONFIRM
security.netapp.com/advisory/ntap-20200827-0003/mitrex_refsource_CONFIRM
www.synology.com/security/advisory/Synology_SA_20_19mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000