IscCVELIST:CVE-2020-8621CVE-2020-8621 Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.4 High
AI Score
Confidence
High
0.007 Low
EPSS
Percentile
80.6%
In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and ‘forward first’ then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that ‘forward only’ are not affected.
CNA Affected
[
{
"product": "BIND9",
"vendor": "ISC",
"versions": [
{
"changes": [
{
"at": "9.16.6",
"status": "unaffected"
},
{
"at": "9.17.0",
"status": "affected"
},
{
"at": "9.17.4",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "9.14.0",
"versionType": "custom"
}
]
}
]References
lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
kb.isc.org/docs/cve-2020-8621
security.gentoo.org/glsa/202008-19
security.netapp.com/advisory/ntap-20200827-0003/
usn.ubuntu.com/4468-1/
www.synology.com/security/advisory/Synology_SA_20_19
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.4 High
AI Score
Confidence
High
0.007 Low
EPSS
Percentile
80.6%