CVE-2020-8617

HIGH

BIND 9.0.0-9.11.17 - Denial of Service via TSIG Key Assertion Failure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2020-8617. PoCs published by Teppei Fukuda, knqyf263, gothburz, including Metasploit module auxiliary/dos/dns/bind_tsig_badtime.

AI-analyzed exploit summary This exploit leverages a DNS TSIG vulnerability (CVE-2020-8617) by crafting a malformed DNS request with a TSIG record to trigger a denial-of-service condition in BIND 9.16.0. The PoC sends a DNS query with an invalid TSIG record to a local DNS server, potentially causing it to crash.

Description

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.

Exploits (4)

exploitdb WORKING POC
by Teppei Fukuda · pythondosmultiple
https://www.exploit-db.com/exploits/48521

This exploit leverages a DNS TSIG vulnerability (CVE-2020-8617) by crafting a malformed DNS request with a TSIG record to trigger a denial-of-service condition in BIND 9.16.0. The PoC sends a DNS query with an invalid TSIG record to a local DNS server, potentially causing it to crash.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: BIND 9.16.0
No auth needed
Prerequisites: Network access to the target DNS server · Scapy library installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 45 stars
by knqyf263 · poc
https://github.com/knqyf263/CVE-2020-8617

This repository contains a functional PoC for CVE-2020-8617, a vulnerability in BIND9's TSIG authentication mechanism. The exploit uses a crafted DNS request with a malformed TSIG record to trigger the vulnerability, demonstrated via a Dockerized BIND9 server and a Python script using Scapy.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: ISC BIND9 version 9.12.4
No auth needed
Prerequisites: Docker environment · Python with Scapy library
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by gothburz · poc
https://github.com/gothburz/cve-2020-8617

This repository contains a Dockerized exploit for CVE-2020-8617, which targets a vulnerability in the BIND DNS server. The Dockerfile sets up the environment and clones the actual exploit code from another repository, while the entrypoint script modifies the target IP before execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: BIND DNS server (versions affected by CVE-2020-8617)
No auth needed
Prerequisites: Docker environment · Target IP address
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC
by Tobias Klein, Shuto Imai · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/dns/bind_tsig_badtime.rb

This Metasploit module exploits a logic error in BIND's TSIG validity check (CVE-2020-8617) to trigger a denial-of-service via a crafted DNS query with a malformed TSIG record. The payload sends a UDP packet with a spoofed source address to crash the BIND service.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: ISC BIND 9.11.0->9.11.13, 9.12.0->9.12.7, 9.14.0->9.14.9, 9.16.0->9.16.1
No auth needed
Prerequisites: Network access to target DNS server (UDP/53)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12
Core References
Patch, Vendor Advisory x_refsource_confirm
https://kb.isc.org/docs/cve-2020-8617
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/05/19/4
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2020/dsa-4689
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200522-0002/
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/157836/BIND-TSIG-Denial-Of-Service.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4365-2/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4365-1/
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html

Scores

CVSS v3 7.5
EPSS 0.9342
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-617
Status published
Products (23)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 19.10
canonical/ubuntu_linux 20.04
debian/debian_linux 8.0
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 31
... and 13 more
Published May 19, 2020
Tracked Since Feb 18, 2026