CVE-2020-8620

2020-08-2000:00:00

isc

www.cve.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.9%

JSON

In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.

CNA Affected

[
  {
    "product": "BIND9",
    "vendor": "ISC",
    "versions": [
      {
        "changes": [
          {
            "at": "9.16.6",
            "status": "unaffected"
          },
          {
            "at": "9.17.0",
            "status": "affected"
          },
          {
            "at": "9.17.4",
            "status": "unaffected"
          }
        ],
        "lessThan": "*",
        "status": "affected",
        "version": "9.15.6",
        "versionType": "custom"
      }
    ]
  }
]