CVE-2020-8622

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-8622
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8622.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-8622
Downstream
Related
Published
2020-08-21T21:15:12.247Z
Modified
2026-04-10T04:28:26.345132Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.

References

Affected packages

Git / gitlab.isc.org/isc-projects/bind9

Affected ranges

Type
GIT
Repo
https://gitlab.isc.org/isc-projects/bind9
Events
Introduced
19d6c56085e97cf4ac559cdc27edd624127bcb32
Last affected
4ce7edb5801e41d14b0da003d97f81b0d73424c9
Introduced
71a40862c0be867999867cd99e21c2266a5e452b
Last affected
c00b4586ab21960bc2b13989f77ea8465e989187
Introduced
04ca7cc4b6993f47ea61852c759d047c83be7b3f
Last affected
079e9baebe7d2b42610b9d7bdc0f8a5f78bbe2d5
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1c59cea1c0e26e2da3f2afb90200bfe9f7748c03
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
19d6c56085e97cf4ac559cdc27edd624127bcb32
Database specific 
{
    "versions": [
        {
            "introduced": "9.0.0"
        },
        {
            "last_affected": "9.11.21"
        },
        {
            "introduced": "9.12.0"
        },
        {
            "last_affected": "9.16.5"
        },
        {
            "introduced": "9.17.0"
        },
        {
            "last_affected": "9.17.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.9.3-s1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0"
        }
    ]
}

Affected versions

v9.*
v9.0.0
v9.10.0a1
v9.10.0a2
v9.10.0b1
v9.10.0b2
v9.10.0rc1
v9.11.0
v9.11.0a1
v9.11.0a2
v9.11.0a3
v9.11.0b1
v9.11.0b2
v9.11.0b3
v9.11.0rc1
v9.11.0rc2
v9.11.0rc3
v9.11.1
v9.11.11
v9.11.14
v9.11.16
v9.11.1b1
v9.11.1rc1
v9.11.1rc2
v9.11.1rc3
v9.11.21
v9.11.2b1
v9.11.2rc1
v9.11.3b1
v9.11.3rc1
v9.11.4
v9.11.4rc2
v9.11.6
v9.11.6rc1
v9.11.7
v9.11.9
v9.12.0a1
v9.12.0b1
v9.12.0b2
v9.12.0rc1
v9.13.0
v9.13.2
v9.13.3
v9.13.4
v9.13.5
v9.13.6
v9.15.0
v9.15.2
v9.15.3
v9.15.4
v9.15.7
v9.15.8
v9.16.0
v9.16.5
v9.17.3
v9.5.0a1
v9.5.0a2
v9.5.0a3
v9.5.0a4
v9.5.0a5
v9.5.0a6
v9.7.0a1
v9.9.0
v9.9.0rc3
v9.9.0rc4
v9.9.1
v9.9.2b1
v9.9.2rc1
v9.9.3b1

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.11.21-s1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "31"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "32"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "20.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "2.2.2-5028"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "8.0.0"
            },
            {
                "last_affected": "8.5.0"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8622.json"