CVE-2020-8620

Published: Aug 21, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.

Affected (12)

Products: Isc: Bind · Opensuse: Leap · Netapp: Steelstore Cloud Integrated Storage · +1 more

Show all products

Isc: Bind · Opensuse: Leap · Netapp: Steelstore Cloud Integrated Storage · Canonical: Ubuntu Linux

1 product

1 product

1 product

Steelstore Cloud Integrated Storage

Canonical

1 product

Ubuntu Linux

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Isc Bind	From 9.15.6 to 9.16.5
Isc Bind	From 9.17.0 to 9.17.3

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Isc Bind	Version 9.11.21 s1
Isc Bind	Version 9.11.3 s1
Isc Bind	Version 9.9.12 s1
Isc Bind	Version 9.9.13 s1

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1
Opensuse Leap	Version 15.2

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Steelstore Cloud Integrated Storage	All versions

Configuration E

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04

Related CWEs

CWE-617

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (14)

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html

Source: security-officer@isc.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html

Source: security-officer@isc.org

Third Party Advisory

https://kb.isc.org/docs/cve-2020-8620

Source: security-officer@isc.org

Vendor Advisory

https://security.gentoo.org/glsa/202008-19

Source: security-officer@isc.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20200827-0003/

Source: security-officer@isc.org

Third Party Advisory

https://usn.ubuntu.com/4468-1/

Source: security-officer@isc.org

Third Party Advisory

https://www.synology.com/security/advisory/Synology_SA_20_19

Source: security-officer@isc.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html