CVE-2020-8621

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-8621
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8621.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-8621
Downstream
Related
Published
2020-08-21T21:15:12.167Z
Modified
2026-04-11T12:35:11.270671Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.

Database specific 
{
    "unresolved_ranges": [
        {
            "cpe": "cpe:2.3:a:synology:dns_server:*:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "fixed": "2.2.2-5027"
                }
            ]
        },
        {
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "16.04"
                }
            ]
        },
        {
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "18.04"
                }
            ]
        },
        {
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "20.04"
                }
            ]
        },
        {
            "cpe": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "15.1"
                }
            ]
        },
        {
            "cpe": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "15.2"
                }
            ]
        }
    ]
}
References

Affected packages

Git / gitlab.isc.org/isc-projects/bind9

Affected ranges

Type
GIT
Repo
https://gitlab.isc.org/isc-projects/bind9
Events
Introduced
d1e053ed8dff25af8af241cf5ee2c83bd41a25ad
Last affected
c00b4586ab21960bc2b13989f77ea8465e989187
Introduced
04ca7cc4b6993f47ea61852c759d047c83be7b3f
Last affected
079e9baebe7d2b42610b9d7bdc0f8a5f78bbe2d5
Database specific 
{
    "cpe": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "9.14.0"
        },
        {
            "last_affected": "9.16.5"
        },
        {
            "introduced": "9.17.0"
        },
        {
            "last_affected": "9.17.3"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8621.json"