1. Home
  2. Vulnerabilities
  3. CVE-2020-8617

CVE-2020-8617

CVSS v3.1 5.9 (Medium)
59% Progress
CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 97.25 % (100th)
97.25% Progress
Affected Products 5
Advisories 21
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.

Weaknesses
CWE-617
Reachable Assertion
CVE Status
PUBLISHED
CNA
Internet Systems Consortium (ISC)
Published Date
2020-05-19 14:15:11
(4 years ago)
Updated Date
2023-11-07 03:26:38
(10 months ago)

Affected Products

Canonical

Debian

Fedoraproject

Isc

Opensuse

Configuration #1

    CPE23 From Up To
  Isc Bind from 9.0.0 version and 9.11.18 and prior versions cpe:2.3:a:isc:bind >= 9.0.0 <= 9.11.18
  Isc Bind from 9.12.0 version and 9.12.4 and prior versions cpe:2.3:a:isc:bind >= 9.12.0 <= 9.12.4
  Isc Bind from 9.13.0 version and 9.13.7 and prior versions cpe:2.3:a:isc:bind >= 9.13.0 <= 9.13.7
  Isc Bind from 9.14.0 version and 9.14.11 and prior versions cpe:2.3:a:isc:bind >= 9.14.0 <= 9.14.11
  Isc Bind from 9.15.0 version and 9.15.6 and prior versions cpe:2.3:a:isc:bind >= 9.15.0 <= 9.15.6
  Isc Bind from 9.16.0 version and 9.16.2 and prior versions cpe:2.3:a:isc:bind >= 9.16.0 <= 9.16.2
  Isc Bind from 9.17.0 version and 9.17.1 and prior versions cpe:2.3:a:isc:bind >= 9.17.0 <= 9.17.1
  Isc Bind 9.12.4 P1 cpe:2.3:a:isc:bind:9.12.4:p1
  Isc Bind 9.12.4 P2 cpe:2.3:a:isc:bind:9.12.4:p2

Configuration #2

    CPE23 From Up To
  Isc Bind 9.9.3 S1 cpe:2.3:a:isc:bind:9.9.3:s1:*:*:supported_preview
  Isc Bind 9.10.5 S1 cpe:2.3:a:isc:bind:9.10.5:s1:*:*:supported_preview
  Isc Bind 9.10.7 S1 cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview
  Isc Bind 9.11.3 S1 cpe:2.3:a:isc:bind:9.11.3:s1:*:*:supported_preview
  Isc Bind 9.11.5 S3 cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview
  Isc Bind 9.11.5 S5 cpe:2.3:a:isc:bind:9.11.5:s5:*:*:supported_preview
  Isc Bind 9.11.6 S1 cpe:2.3:a:isc:bind:9.11.6:s1:*:*:supported_preview
  Isc Bind 9.11.7 S1 cpe:2.3:a:isc:bind:9.11.7:s1:*:*:supported_preview
  Isc Bind 9.11.8 S1 cpe:2.3:a:isc:bind:9.11.8:s1:*:*:supported_preview

Configuration #3

    CPE23 From Up To
  Debian Linux 8.0 cpe:2.3:o:debian:debian_linux:8.0
  Debian Linux 9.0 cpe:2.3:o:debian:debian_linux:9.0
  Debian Linux 10.0 cpe:2.3:o:debian:debian_linux:10.0

Configuration #4

    CPE23 From Up To
  Fedoraproject Fedora 31 cpe:2.3:o:fedoraproject:fedora:31
  Fedoraproject Fedora 32 cpe:2.3:o:fedoraproject:fedora:32

Configuration #5

    CPE23 From Up To
  Opensuse Leap 15.1 cpe:2.3:o:opensuse:leap:15.1
  Opensuse Leap 15.2 cpe:2.3:o:opensuse:leap:15.2

Configuration #6

    CPE23 From Up To
  Canonical Ubuntu Linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-
  Canonical Ubuntu Linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm
  Canonical Ubuntu Linux 18.04 cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts
  Canonical Ubuntu Linux 19.10 cpe:2.3:o:canonical:ubuntu_linux:19.10
  Canonical Ubuntu Linux 20.04 cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts