Unrated severityNVD Advisory· Published Aug 21, 2020· Updated Sep 16, 2024
Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c
CVE-2020-8621
Description
In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
40- osv-coords38 versionspkg:apk/chainguard/bindpkg:apk/chainguard/bind-devpkg:apk/chainguard/bind-dnssec-rootpkg:apk/chainguard/bind-dnssec-toolspkg:apk/chainguard/bind-docpkg:apk/chainguard/bind-libspkg:apk/chainguard/bind-pluginspkg:apk/chainguard/bind-toolspkg:apk/wolfi/bindpkg:apk/wolfi/bind-devpkg:apk/wolfi/bind-dnssec-rootpkg:apk/wolfi/bind-dnssec-toolspkg:apk/wolfi/bind-docpkg:apk/wolfi/bind-libspkg:apk/wolfi/bind-pluginspkg:apk/wolfi/bind-toolspkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/bind&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/libuv&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/libuv&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/sysuser-tools&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/sysuser-tools&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015
< 0+ 37 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 9.16.6-lp151.11.9.1
- (no CPE)range: < 9.16.6-lp152.14.3.1
- (no CPE)range: < 9.16.20-1.4
- (no CPE)range: < 1.18.0-lp151.3.3.1
- (no CPE)range: < 1.18.0-lp152.4.3.1
- (no CPE)range: < 2.0-lp151.4.3.1
- (no CPE)range: < 2.0-lp152.5.3.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
Patches
Vulnerability mechanics
References
7- lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.htmlmitrevendor-advisoryx_refsource_SUSE
- security.gentoo.org/glsa/202008-19mitrevendor-advisoryx_refsource_GENTOO
- usn.ubuntu.com/4468-1/mitrevendor-advisoryx_refsource_UBUNTU
- kb.isc.org/docs/cve-2020-8621mitrex_refsource_CONFIRM
- security.netapp.com/advisory/ntap-20200827-0003/mitrex_refsource_CONFIRM
- www.synology.com/security/advisory/Synology_SA_20_19mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.