Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2020-8617

Good to know:

icon
icon

Date: May 19, 2020

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.

Language: C

Severity Score

Related Resources (15)

https://nvd.nist.gov/vuln/detail/CVE-2020-8617
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKJXVBOKZ36ER3EUCR7VRB7WGHIIMPNJ/
https://usn.ubuntu.com/4365-1/
https://security.netapp.com/advisory/ntap-20200522-0002/
https://usn.ubuntu.com/4365-2/
https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html
http://www.openwall.com/lists/oss-security/2020/05/19/4
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
https://www.debian.org/security/2020/dsa-4689
https://kb.isc.org/docs/cve-2020-8617
http://packetstormsecurity.com/files/157836/BIND-TSIG-Denial-Of-Service.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOGCJS2XQ3SQNF4W6GLZ73LWZJ6ZZWZI/
https://access.redhat.com/security/cve/CVE-2020-8617
https://www.mend.io/vulnerability-database/CVE-2020-8617

Severity Score

Weakness Type (CWE)

Reachable Assertion

CWE-617

Top Fix

icon

Upgrade Version

Upgrade to version 9.11.19,9.14.12,9.16.3

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us