CVE-2020-8616
- Source
- https://cve.org/CVERecord?id=CVE-2020-8616
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8616.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-8616
- Downstream
- Related
- Published
- 2020-05-19T14:15:11.877Z
- Modified
- 2026-04-16T04:34:54.152648610Z
- Severity
-
- 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.
- References
-
- https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKJXVBOKZ36ER3EUCR7VRB7WGHIIMPNJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOGCJS2XQ3SQNF4W6GLZ73LWZJ6ZZWZI/
- https://usn.ubuntu.com/4365-1/
- https://usn.ubuntu.com/4365-2/
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
- https://www.debian.org/security/2020/dsa-4689
- https://security.netapp.com/advisory/ntap-20200522-0002/
- https://www.synology.com/security/advisory/Synology_SA_20_12
- http://www.openwall.com/lists/oss-security/2020/05/19/4
- https://kb.isc.org/docs/cve-2020-8616
- http://www.nxnsattack.com
Affected packages
Git / gitlab.isc.org/isc-projects/bind9
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.isc.org/isc-projects/bind9
- Events
-
IntroducedLast affectedIntroducedLast affectedIntroducedLast affectedIntroducedLast affectedIntroducedLast affectedIntroducedLast affectedIntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "9.0.0" }, { "last_affected": "9.11.18" }, { "introduced": "9.12.0" }, { "last_affected": "9.12.4" }, { "introduced": "9.13.0" }, { "last_affected": "9.13.7" }, { "introduced": "9.14.0" }, { "last_affected": "9.14.11" }, { "introduced": "9.15.0" }, { "last_affected": "9.15.6" }, { "introduced": "9.16.0" }, { "last_affected": "9.16.2" }, { "introduced": "9.17.0" }, { "last_affected": "9.17.1" }, { "introduced": "0" }, { "last_affected": "9.12.4-p1" }, { "introduced": "0" }, { "last_affected": "9.9.3-s1" }, { "introduced": "0" }, { "last_affected": "9.10.5-s1" }, { "introduced": "0" }, { "last_affected": "9.10.7-s1" }, { "introduced": "0" }, { "last_affected": "9.11.3-s1" }, { "introduced": "0" }, { "last_affected": "9.11.6-s1" }, { "introduced": "0" }, { "last_affected": "9.0" } ] }
Affected versions
v9.*
v9.0.0
v9.10.0a1
v9.10.0a2
v9.10.0b1
v9.10.0b2
v9.10.0rc1
v9.10.0rc2
v9.10.1
v9.10.1b1
v9.10.1b2
v9.10.1rc1
v9.10.1rc2
v9.10.2
v9.10.2b1
v9.10.2rc1
v9.10.2rc2
v9.10.3
v9.10.3b1
v9.10.3rc1
v9.10.4
v9.10.4b1
v9.10.4b2
v9.10.4b3
v9.10.4rc1
v9.10.5
v9.10.5b1
v9.10.5rc1
v9.10.5rc2
v9.10.5rc3
v9.10.6b1
v9.10.6rc1
v9.10.7b1
v9.11.0
v9.11.0a1
v9.11.0a2
v9.11.0a3
v9.11.0b1
v9.11.0b2
v9.11.0b3
v9.11.0rc1
v9.11.0rc2
v9.11.0rc3
v9.11.1
v9.11.11
v9.11.14
v9.11.16
v9.11.18
v9.11.1b1
v9.11.1rc1
v9.11.1rc2
v9.11.1rc3
v9.11.2b1
v9.11.2rc1
v9.11.3b1
v9.11.3rc1
v9.11.4
v9.11.4rc2
v9.11.6
v9.11.6-P1
v9.11.6rc1
v9.11.7
v9.11.9
v9.12.0a1
v9.12.0b1
v9.12.0b2
v9.12.0rc1
v9.12.1b1
v9.12.1rc1
v9.12.2
v9.12.2rc2
v9.12.4
v9.12.4-P1
v9.12.4rc1
v9.13.0
v9.13.2
v9.13.3
v9.13.4
v9.13.5
v9.13.6
v9.13.7
v9.14.0rc1
v9.14.11
v9.14.2
v9.14.4
v9.14.6
v9.14.9
v9.15.0
v9.15.2
v9.15.3
v9.15.4
v9.15.6
v9.15.7
v9.15.8
v9.16.0
v9.16.2
v9.17.1
v9.5.0a1
v9.5.0a2
v9.5.0a3
v9.5.0a4
v9.5.0a5
v9.5.0a6
v9.7.0a1
v9.9.0
v9.9.0rc3
v9.9.0rc4
v9.9.1
v9.9.2b1
v9.9.2rc1
v9.9.3b1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8616.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.12.4-p2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.11.5-s3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.11.5-s5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.11.7-s1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.11.8-s1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.0"
}
]
}
]