Description
In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.
References (7)
Core 7
Core References
Vendor Advisory x_refsource_confirm
https://kb.isc.org/docs/cve-2020-8621
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200827-0003/
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4468-1/
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202008-19
Third Party Advisory x_refsource_confirm
https://www.synology.com/security/advisory/Synology_SA_20_19
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
Scores
CVSS v3
7.5
EPSS
0.0488
EPSS Percentile
89.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-617
Status
published
Products (8)
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
20.04
isc/bind
9.14.0 - 9.16.5
netapp/steelstore_cloud_integrated_storage
opensuse/leap
15.1
opensuse/leap
15.2
synology/dns_server
< 2.2.2-5027
Published
Aug 21, 2020
Tracked Since
Feb 18, 2026