Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4
CVSSv2

CVE-2020-8624

Published: 21/08/2020 Updated: 07/11/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Subscribe to Isc

Vulnerability Summary

In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

isc bind

isc bind 9.11.3

isc bind 9.9.12

isc bind 9.9.13

isc bind 9.11.21

debian debian linux 10.0

canonical ubuntu linux 18.04

netapp steelstore cloud integrated storage -

fedoraproject fedora 31

fedoraproject fedora 32

canonical ubuntu linux 20.04

canonical ubuntu linux 16.04

opensuse leap 15.1

opensuse leap 15.2

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2020-8624: update-policy rules of type subdomain are enforced incorrectly
Debian Bug report logs - #966497 CVE-2020-8624: update-policy rules of type subdomain are enforced incorrectly Package: bind9; Maintainer for bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Source for bind9 is src:bind9 (PTS, buildd, popcon) Reported by: Joop Boonen <joopboonen@credativde> Date: Wed, 29 Jul ...
Debian Security Advisories: DSA-4752-1 bind9 -- security update
Several vulnerabilities were discovered in BIND, a DNS server implementation CVE-2020-8619 It was discovered that an asterisk character in an empty non terminal can cause an assertion failure, resulting in denial of service CVE-2020-8622 Dave Feldman, Jeff Warren, and Joel Cunningham reported that a truncated TSIG response can le ...
Red Hat: Moderate: bind security and bug fix update
Synopsis Moderate: bind security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for bind is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base sco ...
Red Hat: Moderate: bind security update
Synopsis Moderate: bind security update Type/Severity Security Advisory: Moderate Topic An update for bind is now available for Red Hat Enterprise Linux 77 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ( ...
Red Hat: Moderate: bind security, bug fix, and enhancement update
Synopsis Moderate: bind security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for bind is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ( ...
Red Hat: Moderate: OpenShift Container Platform 4.5.20 bug fix and golang security update
Synopsis Moderate: OpenShift Container Platform 4520 bug fix and golang security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4520 is now available with updates to packages and images that fix several bugsThis release includes a security update for ...
Amazon Linux 2: ALAS2-2020-1564
A flaw was found in bind An assertion failure can occur when trying to verify a truncated response to a TSIG-signed request The highest threat from this vulnerability is to system availability (CVE-2020-8622) A flaw was found in bind An assertion failure can occur when a specially crafted query for a zone signed with an RSA key BIND must be co ...

References

CWE-269https://kb.isc.org/docs/cve-2020-8624https://security.netapp.com/advisory/ntap-20200827-0003/https://usn.ubuntu.com/4468-1/https://www.debian.org/security/2020/dsa-4752https://security.gentoo.org/glsa/202008-19https://www.synology.com/security/advisory/Synology_SA_20_19http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966497https://nvd.nist.govhttps://www.debian.org/security/2020/dsa-4752
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook