CVE-2020-8625

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-8625
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8625.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-8625
Downstream
Related
Published
2021-02-17T23:15:13.530Z
Modified
2026-04-16T04:36:30.478883163Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch

References

Affected packages

Git / gitlab.isc.org/isc-projects/bind9

Affected ranges

Type
GIT
Repo
https://gitlab.isc.org/isc-projects/bind9
Events
Introduced
4883ba14a28b3f1798f0a9840f4fd8accca8b69b
Last affected
99ca3c536a90d95a2939d91205b2333da2a961a1
Introduced
71a40862c0be867999867cd99e21c2266a5e452b
Last affected
9ff601bcca506f745e5627fc9630efdd80aaafac
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
617639b7cc40ba9eb6fde2d98099726d50da812e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
eba38b89007f65bc6c1fdd2451034bbe3908b9a4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
04ca7cc4b6993f47ea61852c759d047c83be7b3f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
deb57872b630b9957662cf443e1e0001ab0e7b73
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
19d6c56085e97cf4ac559cdc27edd624127bcb32
Database specific 
{
    "versions": [
        {
            "introduced": "9.5.0"
        },
        {
            "last_affected": "9.11.27"
        },
        {
            "introduced": "9.12.0"
        },
        {
            "last_affected": "9.16.11"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.11.3-s1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.11.6-s1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.17.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.17.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0"
        }
    ]
}

Affected versions

v9.*
v9.0.0
v9.10.0a1
v9.10.0a2
v9.10.0b1
v9.10.0b2
v9.10.0rc1
v9.11.0
v9.11.0a1
v9.11.0a2
v9.11.0a3
v9.11.0b1
v9.11.0b2
v9.11.0b3
v9.11.0rc1
v9.11.0rc2
v9.11.0rc3
v9.11.1
v9.11.11
v9.11.14
v9.11.16
v9.11.1b1
v9.11.1rc1
v9.11.1rc2
v9.11.1rc3
v9.11.27
v9.11.2b1
v9.11.2rc1
v9.11.3b1
v9.11.3rc1
v9.11.4
v9.11.4rc2
v9.11.6
v9.11.6-P1
v9.11.6rc1
v9.11.7
v9.11.9
v9.12.0a1
v9.12.0b1
v9.12.0b2
v9.12.0rc1
v9.13.0
v9.13.2
v9.13.3
v9.13.4
v9.13.5
v9.13.6
v9.15.0
v9.15.2
v9.15.3
v9.15.4
v9.15.7
v9.15.8
v9.16.0
v9.16.11
v9.17.0
v9.17.1
v9.5.0a1
v9.5.0a2
v9.5.0a3
v9.5.0a4
v9.5.0a5
v9.5.0a6
v9.7.0a1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8625.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.11.5-s3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.11.5-s5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.11.7-s1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.11.8-s1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.11.21-s1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.11.27-s1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.16.8-s1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.16.11-s1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "32"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "34"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.0.1.1"
            }
        ]
    }
]