CVE-2020-8616

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-8616
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8616.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-8616
Downstream
Related
Published
2020-05-19T14:15:11.877Z
Modified
2026-03-14T22:39:40.161889Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.

References

Affected packages

Git / gitlab.isc.org/isc-projects/bind9

Affected ranges

Type
GIT
Repo
https://gitlab.isc.org/isc-projects/bind9
Events
Introduced
19d6c56085e97cf4ac559cdc27edd624127bcb32
Last affected
bc6c00f15aab336c7467e3fbad977ce05cdf398e
Introduced
71a40862c0be867999867cd99e21c2266a5e452b
Last affected
a953e08740c2d76cd69e3e9515e14544fa3a1dda
Introduced
29b3a7d84240a51099490c0f39ae537f4e0d6a7a
Last affected
6491691ac4bec0dc59e3eeba2797d65527f3bcd6
Introduced
d1e053ed8dff25af8af241cf5ee2c83bd41a25ad
Last affected
098f68799b79aa0c53dc60bf3759347c87a8ba25
Introduced
031bca512d4788356de4cce6f3e61e6b1a878f9c
Last affected
fa2f16db89ddfb54c4a0e10d103a521e2fda2e0b
Introduced
6270e602ea52209243475c4f1edbabe084e148f7
Last affected
b310dc7f5ec5458c5b831be99cdbac03e33be4a6
Introduced
04ca7cc4b6993f47ea61852c759d047c83be7b3f
Last affected
deb57872b630b9957662cf443e1e0001ab0e7b73
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
28e45cd00e2e1e621a2e97ba1ee6bdc6a4102e16
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1c59cea1c0e26e2da3f2afb90200bfe9f7748c03
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
341e64a2de908ceec50ed46d243bf3402342735c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fe1302d54424009769409e46c0d50c0bcccd1d31
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
617639b7cc40ba9eb6fde2d98099726d50da812e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
eba38b89007f65bc6c1fdd2451034bbe3908b9a4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
19d6c56085e97cf4ac559cdc27edd624127bcb32
Database specific 
{
    "versions": [
        {
            "introduced": "9.0.0"
        },
        {
            "last_affected": "9.11.18"
        },
        {
            "introduced": "9.12.0"
        },
        {
            "last_affected": "9.12.4"
        },
        {
            "introduced": "9.13.0"
        },
        {
            "last_affected": "9.13.7"
        },
        {
            "introduced": "9.14.0"
        },
        {
            "last_affected": "9.14.11"
        },
        {
            "introduced": "9.15.0"
        },
        {
            "last_affected": "9.15.6"
        },
        {
            "introduced": "9.16.0"
        },
        {
            "last_affected": "9.16.2"
        },
        {
            "introduced": "9.17.0"
        },
        {
            "last_affected": "9.17.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.12.4-p1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.9.3-s1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.10.5-s1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.10.7-s1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.11.3-s1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.11.6-s1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0"
        }
    ]
}

Affected versions

v9.*
v9.13.0
v9.13.2
v9.13.3
v9.13.4
v9.13.5
v9.13.6
v9.15.0
v9.15.2
v9.15.3
v9.15.4
v9.15.5
v9.15.6

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.12.4-p2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.11.5-s3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.11.5-s5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.11.7-s1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.11.8-s1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8616.json"