Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c
CVE-2020-8621

7.5HIGH

Key Information:

Vendor

Isc
Status
Bind9
Vendor
CVE Published:
21 August 2020

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2020-8621?

In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BIND9 9.14.0

References

https://kb.isc.org/docs/cve-2020-8621
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20200827-0003/
x_refsource_CONFIRM
https://usn.ubuntu.com/4468-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

ISC would like to thank Joseph Gullo for bringing this vulnerability to our attention.
JSON
.