Main Vulnerability Database Vulnerabilities #VU45820

#VU45820 Reachable Assertion in ISC BIND - CVE-2020-8621

Published: August 20, 2020

Vulnerability identifier: #VU45820

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-8621

CWE-ID: CWE-617

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
ISC BIND

Software vendor:
ISC

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in resolver.c while attempting QNAME minimization after forwarding. If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash.

Remediation

Install updates from vendor's website.

External links

https://kb.isc.org/docs/cve-2020-8621

#VU45820 Reachable Assertion in ISC BIND - CVE-2020-8621

Description

Remediation

External links

Please verify you're human