CVE-2020-8617

Description

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.

Risk Information

Base Score: 5.9 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 92.629

Associated Vulnerability

Vulnerability | OS Platform
Multiple Vulnerabilities are affected in BIND 9.17.1 | Windows
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) bind-9.11.2-3.17.1.x86_64.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) bind-9.11.2-3.17.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) bind-chrootenv-9.11.2-3.17.1.x86_64.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) bind-chrootenv-9.11.2-3.17.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) bind-debuginfo-9.11.2-3.17.1.x86_64.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) bind-debuginfo-9.11.2-3.17.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) bind-debugsource-9.11.2-3.17.1.x86_64.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) bind-debugsource-9.11.2-3.17.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) bind-doc-9.11.2-3.17.1.noarch.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) bind-doc-9.11.2-3.17.1.noarch_SP4.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) bind-utils-9.11.2-3.17.1.x86_64.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) bind-utils-9.11.2-3.17.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) bind-utils-debuginfo-9.11.2-3.17.1.x86_64.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) bind-utils-debuginfo-9.11.2-3.17.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) libbind9-160-9.11.2-3.17.1.x86_64.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) libbind9-160-9.11.2-3.17.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) libbind9-160-debuginfo-9.11.2-3.17.1.x86_64.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) libbind9-160-debuginfo-9.11.2-3.17.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) libdns169-9.11.2-3.17.1.x86_64.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) libdns169-9.11.2-3.17.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) libdns169-debuginfo-9.11.2-3.17.1.x86_64.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) libdns169-debuginfo-9.11.2-3.17.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) libirs160-9.11.2-3.17.1.x86_64.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) libirs160-9.11.2-3.17.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) libirs160-debuginfo-9.11.2-3.17.1.x86_64.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) libirs160-debuginfo-9.11.2-3.17.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) libisc166-9.11.2-3.17.1.x86_64.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) libisc166-9.11.2-3.17.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) libisc166-32bit-9.11.2-3.17.1.x86_64.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) libisc166-32bit-9.11.2-3.17.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) libisc166-debuginfo-9.11.2-3.17.1.x86_64.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) libisc166-debuginfo-9.11.2-3.17.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) libisc166-debuginfo-32bit-9.11.2-3.17.1.x86_64.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) libisc166-debuginfo-32bit-9.11.2-3.17.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) libisccc160-9.11.2-3.17.1.x86_64.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) libisccc160-9.11.2-3.17.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) libisccc160-debuginfo-9.11.2-3.17.1.x86_64.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) libisccc160-debuginfo-9.11.2-3.17.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) libisccfg160-9.11.2-3.17.1.x86_64.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) libisccfg160-9.11.2-3.17.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) libisccfg160-debuginfo-9.11.2-3.17.1.x86_64.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) libisccfg160-debuginfo-9.11.2-3.17.1.x86_64_SP5.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) liblwres160-9.11.2-3.17.1.x86_64.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) liblwres160-9.11.2-3.17.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) liblwres160-debuginfo-9.11.2-3.17.1.x86_64.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) liblwres160-debuginfo-9.11.2-3.17.1.x86_64_SP4.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP5 ) python-bind-9.11.2-3.17.1.noarch.rpm | Linux
SUSE-SU-2020:1350-1(SUSE Linux Enterprise Server 12-SP4 ) python-bind-9.11.2-3.17.1.noarch_SP4.rpm | Linux
bind9 security update(DSA-4689-1) bind9_9.10.3.dfsg.P4-12.3+deb9u6_i386.deb | Linux
bind9 security update(DSA-4689-1) bind9_9.10.3.dfsg.P4-12.3+deb9u6_amd64.deb | Linux
bind9 security update(DSA-4689-1) bind9_9.11.5.P4+dfsg-5.1+deb10u1_i386.deb | Linux
bind9 security update(DSA-4689-1) bind9_9.11.5.P4+dfsg-5.1+deb10u1_amd64.deb | Linux
Internet Domain Name Server (USN-4365-1) bind9_9.16.1-0ubuntu2.1_i386.deb | Linux
Internet Domain Name Server (USN-4365-1) bind9_9.16.1-0ubuntu2.1_amd64.deb | Linux
Internet Domain Name Server (USN-4365-1) bind9_9.11.3+dfsg-1ubuntu1.12_i386.deb | Linux
Internet Domain Name Server (USN-4365-1) bind9_9.11.3+dfsg-1ubuntu1.12_amd64.deb | Linux
Internet Domain Name Server (USN-4365-1) bind9_9.10.3.dfsg.P4-8ubuntu1.16_i386.deb | Linux
Internet Domain Name Server (USN-4365-1) bind9_9.10.3.dfsg.P4-8ubuntu1.16_amd64.deb | Linux
Internet Domain Name Server (USN-4365-1) bind9_9.11.5.P4+dfsg-5.1ubuntu2.2_i386.deb | Linux
Internet Domain Name Server (USN-4365-1) bind9_9.11.5.P4+dfsg-5.1ubuntu2.2_amd64.deb | Linux
(RHSA-2020:2344) bind security update bind-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(RHSA-2020:2344) bind security update bind-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(RHSA-2020:2344) bind security update bind-devel-9.11.4-16.P2.el7_8.6.i686.rpm | Linux
(RHSA-2020:2344) bind security update bind-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(RHSA-2020:2344) bind security update bind-export-devel-9.11.4-16.P2.el7_8.6.i686.rpm | Linux
(RHSA-2020:2344) bind security update bind-export-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(RHSA-2020:2344) bind security update bind-export-libs-9.11.4-16.P2.el7_8.6.i686.rpm | Linux
(RHSA-2020:2344) bind security update bind-export-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(RHSA-2020:2344) bind security update bind-libs-9.11.4-16.P2.el7_8.6.i686.rpm | Linux
(RHSA-2020:2344) bind security update bind-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(RHSA-2020:2344) bind security update bind-libs-lite-9.11.4-16.P2.el7_8.6.i686.rpm | Linux
(RHSA-2020:2344) bind security update bind-libs-lite-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(RHSA-2020:2344) bind security update bind-license-9.11.4-16.P2.el7_8.6.noarch.rpm | Linux
(RHSA-2020:2344) bind security update bind-lite-devel-9.11.4-16.P2.el7_8.6.i686.rpm | Linux
(RHSA-2020:2344) bind security update bind-lite-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(RHSA-2020:2344) bind security update bind-pkcs11-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(RHSA-2020:2344) bind security update bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.i686.rpm | Linux
(RHSA-2020:2344) bind security update bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(RHSA-2020:2344) bind security update bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.i686.rpm | Linux
(RHSA-2020:2344) bind security update bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(RHSA-2020:2344) bind security update bind-pkcs11-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(RHSA-2020:2344) bind security update bind-sdb-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(RHSA-2020:2344) bind security update bind-sdb-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(RHSA-2020:2344) bind security update bind-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(RHSA-2020:2383) bind security update bind-9.8.2-0.68.rc1.el6_10.7.i686.rpm | Linux
(RHSA-2020:2383) bind security update bind-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm | Linux
(RHSA-2020:2383) bind security update bind-chroot-9.8.2-0.68.rc1.el6_10.7.i686.rpm | Linux
(RHSA-2020:2383) bind security update bind-chroot-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm | Linux
(RHSA-2020:2383) bind security update bind-devel-9.8.2-0.68.rc1.el6_10.7.i686.rpm | Linux
(RHSA-2020:2383) bind security update bind-devel-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm | Linux
(RHSA-2020:2383) bind security update bind-libs-9.8.2-0.68.rc1.el6_10.7.i686.rpm | Linux
(RHSA-2020:2383) bind security update bind-libs-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm | Linux
(RHSA-2020:2383) bind security update bind-sdb-9.8.2-0.68.rc1.el6_10.7.i686.rpm | Linux
(RHSA-2020:2383) bind security update bind-sdb-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm | Linux
(RHSA-2020:2383) bind security update bind-utils-9.8.2-0.68.rc1.el6_10.7.i686.rpm | Linux
(RHSA-2020:2383) bind security update bind-utils-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm | Linux
Bind update (ELSA-2020-2338) bind-9.11.13-5.el8_2.x86_64.rpm | Linux
Bind-chroot update (ELSA-2020-2338) bind-chroot-9.11.13-5.el8_2.x86_64.rpm | Linux
Bind-devel update (ELSA-2020-2338) bind-devel-9.11.13-5.el8_2.x86_64.rpm | Linux
Bind-export-devel update (ELSA-2020-2338) bind-export-devel-9.11.13-5.el8_2.x86_64.rpm | Linux
Bind-export-libs update (ELSA-2020-2338) bind-export-libs-9.11.13-5.el8_2.x86_64.rpm | Linux
Bind-libs update (ELSA-2020-2338) bind-libs-9.11.13-5.el8_2.x86_64.rpm | Linux
Bind-libs-lite update (ELSA-2020-2338) bind-libs-lite-9.11.13-5.el8_2.x86_64.rpm | Linux
Bind-lite-devel update (ELSA-2020-2338) bind-lite-devel-9.11.13-5.el8_2.x86_64.rpm | Linux
Bind-pkcs11 update (ELSA-2020-2338) bind-pkcs11-9.11.13-5.el8_2.x86_64.rpm | Linux
Bind-pkcs11-devel update (ELSA-2020-2338) bind-pkcs11-devel-9.11.13-5.el8_2.x86_64.rpm | Linux
Bind-pkcs11-libs update (ELSA-2020-2338) bind-pkcs11-libs-9.11.13-5.el8_2.x86_64.rpm | Linux
Bind-pkcs11-utils update (ELSA-2020-2338) bind-pkcs11-utils-9.11.13-5.el8_2.x86_64.rpm | Linux
Bind-sdb update (ELSA-2020-2338) bind-sdb-9.11.13-5.el8_2.x86_64.rpm | Linux
Bind-sdb-chroot update (ELSA-2020-2338) bind-sdb-chroot-9.11.13-5.el8_2.x86_64.rpm | Linux
Bind-utils update (ELSA-2020-2338) bind-utils-9.11.13-5.el8_2.x86_64.rpm | Linux
Bind-license update (ELSA-2020-2338) bind-license-9.11.13-5.el8_2.noarch.rpm | Linux
Python3-bind update (ELSA-2020-2338) python3-bind-9.11.13-5.el8_2.noarch.rpm | Linux
Bind-devel update (ELSA-2020-2338) bind-devel-9.11.13-5.el8_2.i686.rpm | Linux
Bind-export-devel update (ELSA-2020-2338) bind-export-devel-9.11.13-5.el8_2.i686.rpm | Linux
Bind-export-libs update (ELSA-2020-2338) bind-export-libs-9.11.13-5.el8_2.i686.rpm | Linux
Bind-libs update (ELSA-2020-2338) bind-libs-9.11.13-5.el8_2.i686.rpm | Linux
Bind-libs-lite update (ELSA-2020-2338) bind-libs-lite-9.11.13-5.el8_2.i686.rpm | Linux
Bind-lite-devel update (ELSA-2020-2338) bind-lite-devel-9.11.13-5.el8_2.i686.rpm | Linux
Bind-pkcs11-devel update (ELSA-2020-2338) bind-pkcs11-devel-9.11.13-5.el8_2.i686.rpm | Linux
Bind-pkcs11-libs update (ELSA-2020-2338) bind-pkcs11-libs-9.11.13-5.el8_2.i686.rpm | Linux
(CESA-2020:2344) bind security update bind-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(CESA-2020:2344) bind security update bind-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(CESA-2020:2344) bind security update bind-devel-9.11.4-16.P2.el7_8.6.i686.rpm | Linux
(CESA-2020:2344) bind security update bind-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(CESA-2020:2344) bind security update bind-export-devel-9.11.4-16.P2.el7_8.6.i686.rpm | Linux
(CESA-2020:2344) bind security update bind-export-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(CESA-2020:2344) bind security update bind-export-libs-9.11.4-16.P2.el7_8.6.i686.rpm | Linux
(CESA-2020:2344) bind security update bind-export-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(CESA-2020:2344) bind security update bind-libs-9.11.4-16.P2.el7_8.6.i686.rpm | Linux
(CESA-2020:2344) bind security update bind-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(CESA-2020:2344) bind security update bind-libs-lite-9.11.4-16.P2.el7_8.6.i686.rpm | Linux
(CESA-2020:2344) bind security update bind-libs-lite-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(CESA-2020:2344) bind security update bind-license-9.11.4-16.P2.el7_8.6.noarch.rpm | Linux
(CESA-2020:2344) bind security update bind-lite-devel-9.11.4-16.P2.el7_8.6.i686.rpm | Linux
(CESA-2020:2344) bind security update bind-lite-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(CESA-2020:2344) bind security update bind-pkcs11-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(CESA-2020:2344) bind security update bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.i686.rpm | Linux
(CESA-2020:2344) bind security update bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(CESA-2020:2344) bind security update bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.i686.rpm | Linux
(CESA-2020:2344) bind security update bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(CESA-2020:2344) bind security update bind-pkcs11-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(CESA-2020:2344) bind security update bind-sdb-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(CESA-2020:2344) bind security update bind-sdb-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(CESA-2020:2344) bind security update bind-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
(CESA-2020:2383) bind security update bind-9.8.2-0.68.rc1.el6_10.7.i686.rpm | Linux
(CESA-2020:2383) bind security update bind-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm | Linux
(CESA-2020:2383) bind security update bind-chroot-9.8.2-0.68.rc1.el6_10.7.i686.rpm | Linux
(CESA-2020:2383) bind security update bind-chroot-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm | Linux
(CESA-2020:2383) bind security update bind-devel-9.8.2-0.68.rc1.el6_10.7.i686.rpm | Linux
(CESA-2020:2383) bind security update bind-devel-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm | Linux
(CESA-2020:2383) bind security update bind-libs-9.8.2-0.68.rc1.el6_10.7.i686.rpm | Linux
(CESA-2020:2383) bind security update bind-libs-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm | Linux
(CESA-2020:2383) bind security update bind-sdb-9.8.2-0.68.rc1.el6_10.7.i686.rpm | Linux
(CESA-2020:2383) bind security update bind-sdb-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm | Linux
(CESA-2020:2383) bind security update bind-utils-9.8.2-0.68.rc1.el6_10.7.i686.rpm | Linux
(CESA-2020:2383) bind security update bind-utils-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm | Linux
Bind-export-devel update (ELSA-2020-2344) bind-export-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm | Linux
Reachable Assertion Vulnerability (CVE-2020-8617) | NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234