CVE-2020-8623

2020-08-2121:15:12

Debian Security Bug Tracker

security-tracker.debian.org

cve-2020-8623

bind 9

vulnerability

specially crafted query

crash

native pkcs11

rsa key

system security

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.024

Percentile

90.1%

JSON

In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with “–enable-native-pkcs11” * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker

OSVersionArchitecturePackageVersionFilename
Debian12allbind9< 1:9.16.6-1bind9_1:9.16.6-1_all.deb
Debian11allbind9< 1:9.16.6-1bind9_1:9.16.6-1_all.deb
Debian999allbind9< 1:9.16.6-1bind9_1:9.16.6-1_all.deb
Debian13allbind9< 1:9.16.6-1bind9_1:9.16.6-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	bind9	< 1:9.16.6-1	bind9_1:9.16.6-1_all.deb
Debian	11	all	bind9	< 1:9.16.6-1	bind9_1:9.16.6-1_all.deb
Debian	999	all	bind9	< 1:9.16.6-1	bind9_1:9.16.6-1_all.deb
Debian	13	all	bind9	< 1:9.16.6-1	bind9_1:9.16.6-1_all.deb