admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2020/8xxx/CVE-2020-8622.json

186 lines
7.7 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2020-02-05 13:01:17 +00:00
{
"CVE_data_meta": {
[ISC] document BIND9 CVE-2020-8620 to '-8624
2020-08-21 15:46:21 -05:00
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2020-08-20T18:35:08.000Z",
"-Synchronized-Data."
2020-02-05 13:01:17 +00:00
"ID": "CVE-2020-8622",
[ISC] document BIND9 CVE-2020-8620 to '-8624
2020-08-21 15:46:21 -05:00
"STATE": "PUBLIC",
"TITLE": "A truncated TSIG response can lead to an assertion failure"
"-Synchronized-Data."
2020-02-05 13:01:17 +00:00
},
[ISC] document BIND9 CVE-2020-8620 to '-8624
2020-08-21 15:46:21 -05:00
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIND9",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "9.0.0"
},
{
"version_affected": "<",
"version_value": "9.11.22"
},
{
"version_affected": ">=",
"version_value": "9.12.0"
},
{
"version_affected": "<",
"version_value": "9.16.6"
},
{
"version_affected": ">=",
"version_value": "9.17.0"
},
{
"version_affected": "<",
"version_value": "9.17.4"
},
{
"version_affected": ">=",
"version_name": "Supported Preview",
"version_value": "9.9.3-S1"
},
{
"version_affected": "<",
"version_name": "Supported Preview",
"version_value": "9.11.22-S1"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ISC would like to thank Dave Feldman, Jeff Warren, and Joel Cunningham of Oracle for bringing this vulnerability to our attention."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"-Synchronized-Data."
2020-02-05 13:01:17 +00:00
"description": {
"description_data": [
{
"lang": "eng",
"-Synchronized-Data."
2020-08-21 21:01:35 +00:00
"value": "In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit."
"-Synchronized-Data."
2020-02-05 13:01:17 +00:00
}
]
[ISC] document BIND9 CVE-2020-8620 to '-8624
2020-08-21 15:46:21 -05:00
},
"exploit": [
{
"lang": "eng",
"value": "We are not aware of any active exploits"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Attempting to verify a truncated response to a TSIG-signed request leads to an assertion failure. Affects BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/cve-2020-8622",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/cve-2020-8622"
"-Synchronized-Data."
2020-08-26 17:01:37 +00:00
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-a02b7a0f21",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/"
"-Synchronized-Data."
2020-08-27 11:01:23 +00:00
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200827-0003/",
"url": "https://security.netapp.com/advisory/ntap-20200827-0003/"
"-Synchronized-Data."
2020-08-27 16:01:37 +00:00
},
{
"refsource": "UBUNTU",
"name": "USN-4468-1",
"url": "https://usn.ubuntu.com/4468-1/"
"-Synchronized-Data."
2020-08-27 20:01:24 +00:00
},
{
"refsource": "UBUNTU",
"name": "USN-4468-2",
"url": "https://usn.ubuntu.com/4468-2/"
"-Synchronized-Data."
2020-08-28 00:01:25 +00:00
},
{
"refsource": "DEBIAN",
"name": "DSA-4752",
"url": "https://www.debian.org/security/2020/dsa-4752"
"-Synchronized-Data."
2020-08-29 18:01:27 +00:00
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-14c194e5af",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/"
"-Synchronized-Data."
2020-08-30 00:01:28 +00:00
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2355-1] bind9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html"
"-Synchronized-Data."
2020-08-30 16:01:23 +00:00
},
{
"refsource": "GENTOO",
"name": "GLSA-202008-19",
"url": "https://security.gentoo.org/glsa/202008-19"
},
{
"refsource": "CONFIRM",
"name": "https://www.synology.com/security/advisory/Synology_SA_20_19",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_19"
[ISC] document BIND9 CVE-2020-8620 to '-8624
2020-08-21 15:46:21 -05:00
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n BIND 9.11.22\n BIND 9.16.6\n BIND 9.17.4\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.11.22-S1\n"
}
],
"source": {
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "No workarounds known."
}
]
"-Synchronized-Data."
2020-08-21 21:01:35 +00:00
}
Reference in New Issue Copy Permalink