Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-8623

Опубликовано: 21 авг. 2020
Источник: nvd
CVSS3: 7.5
CVSS2: 4.3
EPSS Средний

Описание

In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
Версия от 9.10.0 (включая) до 9.11.21 (включая)
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
Версия от 9.12.1 (включая) до 9.16.5 (включая)
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
Версия от 9.17.0 (включая) до 9.17.3 (включая)
Конфигурация 2

Одно из

cpe:2.3:a:isc:bind:9.10.5:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Конфигурация 6

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
Конфигурация 7
cpe:2.3:a:synology:dns_server:*:*:*:*:*:*:*:*
Версия до 2.2.2-5027 (исключая)
Конфигурация 8
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

EPSS

Процентиль: 95%
0.18125
Средний

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-617

Связанные уязвимости

ubuntu логотип

CVE-2020-8623

CVSS3: 7.5
ubuntu
больше 5 лет назад

In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker

redhat логотип

CVE-2020-8623

CVSS3: 7.5
redhat
больше 5 лет назад

In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker

msrc логотип

CVE-2020-8623

CVSS3: 7.5
msrc
больше 5 лет назад

A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c

debian логотип

CVE-2020-8623

CVSS3: 7.5
debian
больше 5 лет назад

In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also af ...

github логотип

GHSA-3hh5-h95j-2cw7

CVSS3: 7.5
github
больше 3 лет назад

In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker

EPSS

Процентиль: 95%
0.18125
Средний

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-617