#VU45821 Reachable Assertion in ISC BIND - CVE-2020-8620 

 

Published: August 20, 2020


Vulnerability identifier: #VU45821
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2020-8620
CWE-ID: CWE-617
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software: ISC BIND
Software vendor: ISC

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in tcpdns.c when processing large TCP payloads. An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.


Remediation

Install updates from the vendor's website.
