CVE-2020-8621

HIGH

BIND 9.14.0-9.16.5, 9.17.0-9.17.3 - DoS

Title source: llm

Description

In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.

References (7)

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html

[Vendor Advisory] https://kb.isc.org/docs/cve-2020-8621

[Third Party Advisory] https://security.gentoo.org/glsa/202008-19

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20200827-0003/

[Third Party Advisory] https://usn.ubuntu.com/4468-1/

[Third Party Advisory] https://www.synology.com/security/advisory/Synology_SA_20_19

Scores

CVSS v3 7.5

EPSS 0.0488

EPSS Percentile 89.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-617

Status published

Affected Products (8)

isc/bind < 9.16.5

opensuse/leap

opensuse/leap

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

synology/dns_server < 2.2.2-5027

netapp/steelstore_cloud_integrated_storage

Timeline

Published Aug 21, 2020

Tracked Since Feb 18, 2026