Published: 17/02/2021 Updated: 07/11/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

This vulnerability allows remote malicious users to execute arbitrary code on affected installations of ISC BIND. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of TKEY queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the "bind" user.

Vulnerable Product	Search on Vulmon	Subscribe to Product
isc bind 9.11.7
isc bind 9.11.3
isc bind 9.11.6
isc bind 9.11.5
isc bind 9.11.8
isc bind 9.11.21
isc bind 9.17.0
isc bind 9.17.1
isc bind 9.16.8
isc bind 9.16.11
isc bind 9.11.27
isc bind
debian debian linux 9.0
debian debian linux 10.0
fedoraproject fedora 32
fedoraproject fedora 33
fedoraproject fedora 34
siemens sinec infrastructure network services
netapp cloud backup -
netapp a250_firmware -
netapp 500f_firmware -

Debian Bug report logs - #983004 bind9: CVE-2020-8625 Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 18 Feb 2021 05:33:01 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in versions bin ...

A buffer overflow vulnerability was discovered in the SPNEGO implementation affecting the GSSAPI security policy negotiation in BIND, a DNS server implementation, which could result in denial of service (daemon crash), or potentially the execution of arbitrary code For the stable distribution (buster), this problem has been fixed in version 1:911 ...

A buffer overflow flaw was found in the SPNEGO implementation used by BIND This flaw allows a remote attacker to cause the named process to crash or possibly perform remote code execution The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability (CVE-2020-8625) ...

A security issue was found in BIND 950 up to 91127, 9120 up to 91611, and versions BIND 9113-S1 up to 91127-S1 and 9168-S1 up to 91611-S1 of BIND Supported Preview Edition, as well as the release versions 9170 and 9171 of the BIND 917 development branch A vulnerability in BIND's GSSAPI security policy can be targeted by a buff ...

Critical Infrastructure Sectors: Energy

oss-sec mailing list archives   By Date By Thread </form>    BIND Operational Notification: Zone journal (jnl) file incompatibility,after upgrading to BIND 91612 and 917 <!--X-Subject ...

CWE-120 https://kb.isc.org/v1/docs/cve-2020-8625 https://www.debian.org/security/2021/dsa-4857 http://www.openwall.com/lists/oss-security/2021/02/19/1 https://lists.debian.org/debian-lts-announce/2021/02/msg00029.html http://www.openwall.com/lists/oss-security/2021/02/20/2 https://www.zerodayinitiative.com/advisories/ZDI-21-195/https://security.netapp.com/advisory/ntap-20210319-0001/https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QWCMBOSZOJIIET7BWTRYS3HLX5TSDKHX/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYXAF7G45RXDVNUTWWCI2CVTHRZ67LST/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EBTPWRQWRQEJNWY4NHO4WLS4KLJ3ERHZ/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983004 https://www.debian.org/security/2021/dsa-4857 https://nvd.nist.gov https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-09 https://www.zerodayinitiative.com/advisories/ZDI-21-195/

CVE-2020-8625

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect