Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-8621

Опубликовано: 21 авг. 2020
Источник: nvd
CVSS3: 7.5
CVSS2: 4.3
EPSS Низкий

Описание

In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
Версия от 9.14.0 (включая) до 9.16.5 (включая)
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
Версия от 9.17.0 (включая) до 9.17.3 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
Конфигурация 4
cpe:2.3:a:synology:dns_server:*:*:*:*:*:*:*:*
Версия до 2.2.2-5027 (исключая)
Конфигурация 5
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

EPSS

Процентиль: 88%
0.04224
Низкий

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-617

Связанные уязвимости

ubuntu логотип

CVE-2020-8621

CVSS3: 7.5
ubuntu
больше 5 лет назад

In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.

redhat логотип

CVE-2020-8621

CVSS3: 7.5
redhat
больше 5 лет назад

In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.

msrc логотип

CVE-2020-8621

CVSS3: 7.5
msrc
больше 5 лет назад

Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c

debian логотип

CVE-2020-8621

CVSS3: 7.5
debian
больше 5 лет назад

In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured ...

github логотип

GHSA-7vc6-qmjj-2j83

CVSS3: 7.5
github
больше 3 лет назад

In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.

EPSS

Процентиль: 88%
0.04224
Низкий

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-617