CVE-2020-8622

Name
CVE-2020-8622
Description
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, and 9.17.0 -> 9.17.3 (also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition), an attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure and causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger the assertion failure and cause the server to exit.
NVD Severity
medium

References

| Type | URI |
|---|---|
| Vendor Advisory | https://kb.isc.org/docs/cve-2020-8622 |
| Third Party Advisory | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/ |
| CONFIRM | https://security.netapp.com/advisory/ntap-20200827-0003/ |
| UBUNTU | https://usn.ubuntu.com/4468-1/ |
| UBUNTU | https://usn.ubuntu.com/4468-2/ |
| DEBIAN | https://www.debian.org/security/2020/dsa-4752 |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/ |
| MLIST | https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html |
| CONFIRM | https://www.synology.com/security/advisory/Synology_SA_20_19 |
| GENTOO | https://security.gentoo.org/glsa/202008-19 |
| SUSE | http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html |
| SUSE | http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html |
| MISC | https://www.oracle.com/security-alerts/cpuoct2021.html |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* | bind | >= 9.0.0 | <= 9.11.21 |
| cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* | bind | >= 9.12.0 | <= 9.16.5 |
| cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* | bind | >= 9.17.0 | <= 9.17.3 |

Vulnerable and fixed packages

Source package Branch Version Maintainer Status