Vulnerability Details : CVE-2020-8620
In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, an attacker who can establish a TCP connection with the server and send data on that connection can trigger an assertion failure, causing the server to exit.
Products affected by CVE-2020-8620
- cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.11.3:s1:*:*:supported_preview:*:*:*
- cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:*
- cpe:2.3:a:isc:bind:9.9.12:s1:*:*:supported_preview:*:*:*
- cpe:2.3:a:isc:bind:9.9.13:s1:*:*:supported_preview:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
Threat overview for CVE-2020-8620
- Top open port discovered on systems with this issue: 53
- IPs affected by CVE-2020-8620: 192,766
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2020-8620
- 3.48%: probability of exploitation activity in the next 30 days
- ~ 91%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-8620
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | Internet Systems Consortium (ISC) | |
CWE ids for CVE-2020-8620
- The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-8620
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
  [security-announce] openSUSE-SU-2020:1701-1: moderate: Security update f (Third Party Advisory)
- https://security.gentoo.org/glsa/202008-19
  BIND: Multiple vulnerabilities (GLSA 202008-19) — Gentoo security (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
  [security-announce] openSUSE-SU-2020:1699-1: moderate: Security update f (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20200827-0003/
  August 2020 ISC BIND Vulnerabilities in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://usn.ubuntu.com/4468-1/
  USN-4468-1: Bind vulnerabilities | Ubuntu security notices | Ubuntu (Third Party Advisory)
- https://www.synology.com/security/advisory/Synology_SA_20_19
  Synology Inc. (Third Party Advisory)
- https://kb.isc.org/docs/cve-2020-8620
  CVE-2020-8620: A specially crafted large TCP payload can trigger an assertion failure in tcpdns.c - Security Advisories (Vendor Advisory)