CVE-2020-8620

HIGH

BIND <9.16.6, >=9.17.4 - DoS

Title source: llm

Description

In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.

References (7)

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html

[Vendor Advisory] https://kb.isc.org/docs/cve-2020-8620

[Third Party Advisory] https://security.gentoo.org/glsa/202008-19

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20200827-0003/

[Third Party Advisory] https://usn.ubuntu.com/4468-1/

[Third Party Advisory] https://www.synology.com/security/advisory/Synology_SA_20_19

Scores

CVSS v3 7.5

EPSS 0.0837

EPSS Percentile 92.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-617

Status published

Affected Products (11)

isc/bind < 9.16.5

isc/bind

opensuse/leap

netapp/steelstore_cloud_integrated_storage

canonical/ubuntu_linux

Timeline

Published Aug 21, 2020

Tracked Since Feb 18, 2026