Vulnerability-Lookup

VAR-202005-1028

Vulnerability from variot - Updated: 2026-03-09 20:39

A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. XACK DNS Is a corporation XACK Provides DNS Software for servers. XACK DNS In general NXNSAttack Service disruption due to a problem called (DoS) There are vulnerabilities that can be attacked. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. IPA Report to JPCERT/CC Coordinated with the developer.The following service operation interruptions by a remote third party (DoS) You may be attacked. -Increases the load of the full resolver and reduces performance. ・ Abuse the full resolver as a stepping stone for reflection attacks.

CVE-2019-6477

It was discovered that TCP-pipelined queries can bypass tcp-client
limits resulting in denial of service.

For the oldstable distribution (stretch), these problems have been fixed in version 1:9.10.3.dfsg.P4-12.3+deb9u6.

For the stable distribution (buster), these problems have been fixed in version 1:9.11.5.P4+dfsg-5.1+deb10u1.

We recommend that you upgrade your bind9 packages.

For the detailed security status of bind9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bind9

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl7ENhhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TG0w//d/ZEG5TM8bmDZSBkB0n+JZ9S1ZOuRbETrtXAYnI1DjQZzk427PR9Vm39 tMbe2UOmYgxD/UybCL7tGNsNqFo4iRrefnEU47I8nWp1szCo9MsUbl9itmZfprGF lOvMvyklu8WZFXLSHOntOEKANv5k/ygq9ux4t/YWpL4jdpfCR+fdECfr16vV5XkR inKQuGDokmDs0E+bJHKUGWTcTsTXmcFZIaurKx+IeHAyQxbEmV1qiJHQKtvkmp9s kUlNyrfs1tLXM+JeQK0GtPTJuiMpznkisvC1/hJVPNy2kvGl+5pZ6LRB7BzuswSp HokcQ4p8BIw1LAGXq+TvnJaQd+mfHHfasI2FS+XRWEos92bF1+TlxFW4gTLghMYV ssuK4nBIbvucrNXc2Wcm7n/1UxEiAiT7Zf9mKFBdBxZSxz8ueLh2js0SKxH9GTBF Rx6x1NXGLI9u9QQgOOzyQh8ClRLC1Z2UtHQLLITTT7UlnXRSO1OvmJEFFuA+0E5/ FK2zzpD8a3+cHS5O1+a1LihqiwxDkFJXNY/d/BSLAoNeYyGjgQq/1AgoEbjVDO4o ye6ttRSaaMUS8rvUrE9U4PfSyclHke+filK4KURkY7kZ+UEH7XH2jCZunW/POpKp WIBvqVSEK6qTYWji5Ayucm2tgmUMIxV+tH1Im2Im6HjrP/pyGrs= =SqNI -----END PGP SIGNATURE----- . 8.0) - aarch64, ppc64le, s390x, x86_64

7.4) - noarch, x86_64
Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Solution:

For OpenShift Container Platform 4.4 see the following documentation, which will be updated shortly for release 4.4.8, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel ease-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.4/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):

1821583 - CVE-2020-8555 kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information

7) - aarch64, ppc64le, s390x
7.7) - ppc64, ppc64le, s390x, x86_64
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: bind security update Advisory ID: RHSA-2020:2344-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2344 Issue date: 2020-06-01 CVE Names: CVE-2020-8616 CVE-2020-8617 ==================================================================== 1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616)
bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted automatically.

Bugs fixed (https://bugzilla.redhat.com/):

1836118 - CVE-2020-8616 bind: BIND does not sufficiently limit the number of fetches performed when processing referrals 1836124 - CVE-2020-8617 bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c

Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: bind-9.11.4-16.P2.el7_8.6.src.rpm

noarch: bind-license-9.11.4-16.P2.el7_8.6.noarch.rpm

x86_64: bind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.i686.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-libs-9.11.4-16.P2.el7_8.6.i686.rpm bind-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.i686.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: bind-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-export-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-export-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-lite-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-lite-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.i686.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-sdb-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-sdb-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: bind-9.11.4-16.P2.el7_8.6.src.rpm

noarch: bind-license-9.11.4-16.P2.el7_8.6.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Red Hat Enterprise Linux Server (v. 7):

Source: bind-9.11.4-16.P2.el7_8.6.src.rpm

noarch: bind-license-9.11.4-16.P2.el7_8.6.noarch.rpm

ppc64: bind-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-chroot-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.ppc.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.ppc.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-libs-9.11.4-16.P2.el7_8.6.ppc.rpm bind-libs-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.ppc.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-pkcs11-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.ppc.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-pkcs11-utils-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-utils-9.11.4-16.P2.el7_8.6.ppc64.rpm

ppc64le: bind-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-chroot-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-libs-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-pkcs11-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-pkcs11-utils-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-utils-9.11.4-16.P2.el7_8.6.ppc64le.rpm

s390x: bind-9.11.4-16.P2.el7_8.6.s390x.rpm bind-chroot-9.11.4-16.P2.el7_8.6.s390x.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.s390.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.s390x.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.s390.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.s390x.rpm bind-libs-9.11.4-16.P2.el7_8.6.s390.rpm bind-libs-9.11.4-16.P2.el7_8.6.s390x.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.s390.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.s390x.rpm bind-pkcs11-9.11.4-16.P2.el7_8.6.s390x.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.s390.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.s390x.rpm bind-pkcs11-utils-9.11.4-16.P2.el7_8.6.s390x.rpm bind-utils-9.11.4-16.P2.el7_8.6.s390x.rpm

x86_64: bind-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.i686.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-libs-9.11.4-16.P2.el7_8.6.i686.rpm bind-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.i686.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.i686.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: bind-debuginfo-9.11.4-16.P2.el7_8.6.ppc.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-devel-9.11.4-16.P2.el7_8.6.ppc.rpm bind-devel-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-export-devel-9.11.4-16.P2.el7_8.6.ppc.rpm bind-export-devel-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-lite-devel-9.11.4-16.P2.el7_8.6.ppc.rpm bind-lite-devel-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.ppc.rpm bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-sdb-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-sdb-chroot-9.11.4-16.P2.el7_8.6.ppc64.rpm

ppc64le: bind-debuginfo-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-devel-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-export-devel-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-lite-devel-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-sdb-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-sdb-chroot-9.11.4-16.P2.el7_8.6.ppc64le.rpm

s390x: bind-debuginfo-9.11.4-16.P2.el7_8.6.s390.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.s390x.rpm bind-devel-9.11.4-16.P2.el7_8.6.s390.rpm bind-devel-9.11.4-16.P2.el7_8.6.s390x.rpm bind-export-devel-9.11.4-16.P2.el7_8.6.s390.rpm bind-export-devel-9.11.4-16.P2.el7_8.6.s390x.rpm bind-lite-devel-9.11.4-16.P2.el7_8.6.s390.rpm bind-lite-devel-9.11.4-16.P2.el7_8.6.s390x.rpm bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.s390.rpm bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.s390x.rpm bind-sdb-9.11.4-16.P2.el7_8.6.s390x.rpm bind-sdb-chroot-9.11.4-16.P2.el7_8.6.s390x.rpm

x86_64: bind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-export-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-export-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-lite-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-lite-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-sdb-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-sdb-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: bind-9.11.4-16.P2.el7_8.6.src.rpm

noarch: bind-license-9.11.4-16.P2.el7_8.6.noarch.rpm

x86_64: bind-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.i686.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-libs-9.11.4-16.P2.el7_8.6.i686.rpm bind-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.i686.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.i686.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2020-8616 https://access.redhat.com/security/cve/CVE-2020-8617 https://access.redhat.com/security/updates/classification/#important

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBXtTLT9zjgjWX9erEAQgZIhAApcPTwXOJR5ZcZSycdasXkiT5KuLsEXGl ZzYZC1xN62FE00ctUoNtGIP9xwVTUp8C7K8vDvpi38Fu/br0oWKfdudldn/iYIlW lVRNyD71aHS0CcE29+eFF8TofsNRZ2hYbTcYJIX1AbsqEb5IqAwhOxEoKdraTzG8 zx5MQc/61aRr/kjAdaamy8dLdKCXwPZ43471xsABXqGXtuBbOJCbPpbKV6iUhNFD RQc2m0D8W7/mbduKnBbMI/FmSMY2j9jfJmVHVHlfczvIiXey/ntzso+Fe292OFoR 3dhI8wjHgxA1XuQXGt+xxxqwFfGF8QBdqqzBFzZdyf7hxHtv/RxoTNj3JXrFZtex tx9JBsk8sBmJl2pb17ak6LplCQhTP0E4GplWb62P9mr4EwZyfN/Qq09WyiN7B6te 8frV/h8n1rQu2etLQSJjXwA6/05h1ScRdl0dcxi+8PqCI7ik0QBKw6zbRzKr/XEd YJgGVBHVYbrCtAxqZ8Mtl1WoN9SuwAb06hHH8lVotpU0JrB+RZtfQbxmKycX8MHd q+4FtmEKSiiblhvQ4qQaOpXzkONvSlOpsQx+y5795IM4eXVA2dIv+/E6F0dNApJC nW887uzHRKTymT6/2p5sDVTm8ioN2LGGX9KoiHrhIsmLWwI4UzVrUQJZFGsOMYSj N3gJ4Ik0DPQ=qhuZ -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "bind",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.10.5"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.15.0"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.16.2"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.17.0"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.11.5"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.11.3"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.12.0"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.13.7"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.16.0"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.12.4"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.15.6"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.11.7"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.11.6"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.14.0"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.10.7"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.9.3"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.11.8"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.0.0"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.11.18"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.12.4"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.13.0"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.14.11"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "bind",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.17.1"
      },
      {
        "_id": null,
        "model": "dns",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "xack",
        "version": "1.10.0 \u304b\u3089 1.10.8"
      },
      {
        "_id": null,
        "model": "dns",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "xack",
        "version": "1.11.0 \u304b\u3089 1.11.4"
      },
      {
        "_id": null,
        "model": "dns",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "xack",
        "version": "1.7.0 \u304b\u3089 1.7.18"
      },
      {
        "_id": null,
        "model": "dns",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "xack",
        "version": "1.7.0 \u306e\u5168\u3066"
      },
      {
        "_id": null,
        "model": "dns",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "xack",
        "version": "1.8.0 \u304b\u3089 1.8.23"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000036"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8616"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:misc:xack_xack_dns",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000036"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "157966"
      },
      {
        "db": "PACKETSTORM",
        "id": "158844"
      },
      {
        "db": "PACKETSTORM",
        "id": "158134"
      },
      {
        "db": "PACKETSTORM",
        "id": "158899"
      },
      {
        "db": "PACKETSTORM",
        "id": "158908"
      },
      {
        "db": "PACKETSTORM",
        "id": "158720"
      },
      {
        "db": "PACKETSTORM",
        "id": "158806"
      },
      {
        "db": "PACKETSTORM",
        "id": "157889"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2020-8616",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-8616",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-000036",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-8616",
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.6,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-000036",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-8616",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "security-officer@isc.org",
            "id": "CVE-2020-8616",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2020-000036",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-8616",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-8616"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000036"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8616"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8616"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. XACK DNS Is a corporation XACK Provides DNS Software for servers. XACK DNS In general NXNSAttack Service disruption due to a problem called (DoS) There are vulnerabilities that can be attacked. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. IPA Report to JPCERT/CC Coordinated with the developer.The following service operation interruptions by a remote third party (DoS) You may be attacked. -Increases the load of the full resolver and reduces performance. \u30fb Abuse the full resolver as a stepping stone for reflection attacks. \n\nCVE-2019-6477\n\n    It was discovered that TCP-pipelined queries can bypass tcp-client\n    limits resulting in denial of service. \n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 1:9.10.3.dfsg.P4-12.3+deb9u6. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1:9.11.5.P4+dfsg-5.1+deb10u1. \n\nWe recommend that you upgrade your bind9 packages. \n\nFor the detailed security status of bind9 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/bind9\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl7ENhhfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0TG0w//d/ZEG5TM8bmDZSBkB0n+JZ9S1ZOuRbETrtXAYnI1DjQZzk427PR9Vm39\ntMbe2UOmYgxD/UybCL7tGNsNqFo4iRrefnEU47I8nWp1szCo9MsUbl9itmZfprGF\nlOvMvyklu8WZFXLSHOntOEKANv5k/ygq9ux4t/YWpL4jdpfCR+fdECfr16vV5XkR\ninKQuGDokmDs0E+bJHKUGWTcTsTXmcFZIaurKx+IeHAyQxbEmV1qiJHQKtvkmp9s\nkUlNyrfs1tLXM+JeQK0GtPTJuiMpznkisvC1/hJVPNy2kvGl+5pZ6LRB7BzuswSp\nHokcQ4p8BIw1LAGXq+TvnJaQd+mfHHfasI2FS+XRWEos92bF1+TlxFW4gTLghMYV\nssuK4nBIbvucrNXc2Wcm7n/1UxEiAiT7Zf9mKFBdBxZSxz8ueLh2js0SKxH9GTBF\nRx6x1NXGLI9u9QQgOOzyQh8ClRLC1Z2UtHQLLITTT7UlnXRSO1OvmJEFFuA+0E5/\nFK2zzpD8a3+cHS5O1+a1LihqiwxDkFJXNY/d/BSLAoNeYyGjgQq/1AgoEbjVDO4o\nye6ttRSaaMUS8rvUrE9U4PfSyclHke+filK4KURkY7kZ+UEH7XH2jCZunW/POpKp\nWIBvqVSEK6qTYWji5Ayucm2tgmUMIxV+tH1Im2Im6HjrP/pyGrs=\n=SqNI\n-----END PGP SIGNATURE-----\n. 8.0) - aarch64, ppc64le, s390x, x86_64\n\n3. 7.4) - noarch, x86_64\n\n3. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. Solution:\n\nFor OpenShift Container Platform 4.4 see the following documentation, which\nwill be updated shortly for release 4.4.8, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.4/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n1821583 - CVE-2020-8555 kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information\n\n5. 7) - aarch64, ppc64le, s390x\n\n3. 7.7) - ppc64, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: bind security update\nAdvisory ID:       RHSA-2020:2344-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:2344\nIssue date:        2020-06-01\nCVE Names:         CVE-2020-8616 CVE-2020-8617\n====================================================================\n1. Summary:\n\nAn update for bind is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly. \n\nSecurity Fix(es):\n\n* bind: BIND does not sufficiently limit the number of fetches performed\nwhen processing referrals (CVE-2020-8616)\n\n* bind: A logic error in code which checks TSIG validity can be used to\ntrigger an assertion failure in tsig.c (CVE-2020-8617)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, the BIND daemon (named) will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1836118 - CVE-2020-8616 bind: BIND does not sufficiently limit the number of fetches performed when processing referrals\n1836124 - CVE-2020-8617 bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nbind-9.11.4-16.P2.el7_8.6.src.rpm\n\nnoarch:\nbind-license-9.11.4-16.P2.el7_8.6.noarch.rpm\n\nx86_64:\nbind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-export-libs-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-export-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-libs-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-libs-lite-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-libs-lite-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nbind-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-devel-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-export-devel-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-export-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-lite-devel-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-lite-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-pkcs11-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-pkcs11-devel-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-pkcs11-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-pkcs11-libs-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-pkcs11-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-pkcs11-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-sdb-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-sdb-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nbind-9.11.4-16.P2.el7_8.6.src.rpm\n\nnoarch:\nbind-license-9.11.4-16.P2.el7_8.6.noarch.rpm\n\nx86_64:\nbind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-export-libs-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-export-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-libs-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-libs-lite-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-libs-lite-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nbind-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-devel-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-export-devel-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-export-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-lite-devel-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-lite-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-pkcs11-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-pkcs11-devel-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-pkcs11-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-pkcs11-libs-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-pkcs11-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-pkcs11-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-sdb-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-sdb-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nbind-9.11.4-16.P2.el7_8.6.src.rpm\n\nnoarch:\nbind-license-9.11.4-16.P2.el7_8.6.noarch.rpm\n\nppc64:\nbind-9.11.4-16.P2.el7_8.6.ppc64.rpm\nbind-chroot-9.11.4-16.P2.el7_8.6.ppc64.rpm\nbind-debuginfo-9.11.4-16.P2.el7_8.6.ppc.rpm\nbind-debuginfo-9.11.4-16.P2.el7_8.6.ppc64.rpm\nbind-export-libs-9.11.4-16.P2.el7_8.6.ppc.rpm\nbind-export-libs-9.11.4-16.P2.el7_8.6.ppc64.rpm\nbind-libs-9.11.4-16.P2.el7_8.6.ppc.rpm\nbind-libs-9.11.4-16.P2.el7_8.6.ppc64.rpm\nbind-libs-lite-9.11.4-16.P2.el7_8.6.ppc.rpm\nbind-libs-lite-9.11.4-16.P2.el7_8.6.ppc64.rpm\nbind-pkcs11-9.11.4-16.P2.el7_8.6.ppc64.rpm\nbind-pkcs11-libs-9.11.4-16.P2.el7_8.6.ppc.rpm\nbind-pkcs11-libs-9.11.4-16.P2.el7_8.6.ppc64.rpm\nbind-pkcs11-utils-9.11.4-16.P2.el7_8.6.ppc64.rpm\nbind-utils-9.11.4-16.P2.el7_8.6.ppc64.rpm\n\nppc64le:\nbind-9.11.4-16.P2.el7_8.6.ppc64le.rpm\nbind-chroot-9.11.4-16.P2.el7_8.6.ppc64le.rpm\nbind-debuginfo-9.11.4-16.P2.el7_8.6.ppc64le.rpm\nbind-export-libs-9.11.4-16.P2.el7_8.6.ppc64le.rpm\nbind-libs-9.11.4-16.P2.el7_8.6.ppc64le.rpm\nbind-libs-lite-9.11.4-16.P2.el7_8.6.ppc64le.rpm\nbind-pkcs11-9.11.4-16.P2.el7_8.6.ppc64le.rpm\nbind-pkcs11-libs-9.11.4-16.P2.el7_8.6.ppc64le.rpm\nbind-pkcs11-utils-9.11.4-16.P2.el7_8.6.ppc64le.rpm\nbind-utils-9.11.4-16.P2.el7_8.6.ppc64le.rpm\n\ns390x:\nbind-9.11.4-16.P2.el7_8.6.s390x.rpm\nbind-chroot-9.11.4-16.P2.el7_8.6.s390x.rpm\nbind-debuginfo-9.11.4-16.P2.el7_8.6.s390.rpm\nbind-debuginfo-9.11.4-16.P2.el7_8.6.s390x.rpm\nbind-export-libs-9.11.4-16.P2.el7_8.6.s390.rpm\nbind-export-libs-9.11.4-16.P2.el7_8.6.s390x.rpm\nbind-libs-9.11.4-16.P2.el7_8.6.s390.rpm\nbind-libs-9.11.4-16.P2.el7_8.6.s390x.rpm\nbind-libs-lite-9.11.4-16.P2.el7_8.6.s390.rpm\nbind-libs-lite-9.11.4-16.P2.el7_8.6.s390x.rpm\nbind-pkcs11-9.11.4-16.P2.el7_8.6.s390x.rpm\nbind-pkcs11-libs-9.11.4-16.P2.el7_8.6.s390.rpm\nbind-pkcs11-libs-9.11.4-16.P2.el7_8.6.s390x.rpm\nbind-pkcs11-utils-9.11.4-16.P2.el7_8.6.s390x.rpm\nbind-utils-9.11.4-16.P2.el7_8.6.s390x.rpm\n\nx86_64:\nbind-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-export-libs-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-export-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-libs-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-libs-lite-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-libs-lite-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-pkcs11-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-pkcs11-libs-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-pkcs11-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-pkcs11-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nbind-debuginfo-9.11.4-16.P2.el7_8.6.ppc.rpm\nbind-debuginfo-9.11.4-16.P2.el7_8.6.ppc64.rpm\nbind-devel-9.11.4-16.P2.el7_8.6.ppc.rpm\nbind-devel-9.11.4-16.P2.el7_8.6.ppc64.rpm\nbind-export-devel-9.11.4-16.P2.el7_8.6.ppc.rpm\nbind-export-devel-9.11.4-16.P2.el7_8.6.ppc64.rpm\nbind-lite-devel-9.11.4-16.P2.el7_8.6.ppc.rpm\nbind-lite-devel-9.11.4-16.P2.el7_8.6.ppc64.rpm\nbind-pkcs11-devel-9.11.4-16.P2.el7_8.6.ppc.rpm\nbind-pkcs11-devel-9.11.4-16.P2.el7_8.6.ppc64.rpm\nbind-sdb-9.11.4-16.P2.el7_8.6.ppc64.rpm\nbind-sdb-chroot-9.11.4-16.P2.el7_8.6.ppc64.rpm\n\nppc64le:\nbind-debuginfo-9.11.4-16.P2.el7_8.6.ppc64le.rpm\nbind-devel-9.11.4-16.P2.el7_8.6.ppc64le.rpm\nbind-export-devel-9.11.4-16.P2.el7_8.6.ppc64le.rpm\nbind-lite-devel-9.11.4-16.P2.el7_8.6.ppc64le.rpm\nbind-pkcs11-devel-9.11.4-16.P2.el7_8.6.ppc64le.rpm\nbind-sdb-9.11.4-16.P2.el7_8.6.ppc64le.rpm\nbind-sdb-chroot-9.11.4-16.P2.el7_8.6.ppc64le.rpm\n\ns390x:\nbind-debuginfo-9.11.4-16.P2.el7_8.6.s390.rpm\nbind-debuginfo-9.11.4-16.P2.el7_8.6.s390x.rpm\nbind-devel-9.11.4-16.P2.el7_8.6.s390.rpm\nbind-devel-9.11.4-16.P2.el7_8.6.s390x.rpm\nbind-export-devel-9.11.4-16.P2.el7_8.6.s390.rpm\nbind-export-devel-9.11.4-16.P2.el7_8.6.s390x.rpm\nbind-lite-devel-9.11.4-16.P2.el7_8.6.s390.rpm\nbind-lite-devel-9.11.4-16.P2.el7_8.6.s390x.rpm\nbind-pkcs11-devel-9.11.4-16.P2.el7_8.6.s390.rpm\nbind-pkcs11-devel-9.11.4-16.P2.el7_8.6.s390x.rpm\nbind-sdb-9.11.4-16.P2.el7_8.6.s390x.rpm\nbind-sdb-chroot-9.11.4-16.P2.el7_8.6.s390x.rpm\n\nx86_64:\nbind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-devel-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-export-devel-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-export-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-lite-devel-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-lite-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-pkcs11-devel-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-pkcs11-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-sdb-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-sdb-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nbind-9.11.4-16.P2.el7_8.6.src.rpm\n\nnoarch:\nbind-license-9.11.4-16.P2.el7_8.6.noarch.rpm\n\nx86_64:\nbind-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-export-libs-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-export-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-libs-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-libs-lite-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-libs-lite-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-pkcs11-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-pkcs11-libs-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-pkcs11-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-pkcs11-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nbind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-devel-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-export-devel-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-export-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-lite-devel-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-lite-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-pkcs11-devel-9.11.4-16.P2.el7_8.6.i686.rpm\nbind-pkcs11-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-sdb-9.11.4-16.P2.el7_8.6.x86_64.rpm\nbind-sdb-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-8616\nhttps://access.redhat.com/security/cve/CVE-2020-8617\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXtTLT9zjgjWX9erEAQgZIhAApcPTwXOJR5ZcZSycdasXkiT5KuLsEXGl\nZzYZC1xN62FE00ctUoNtGIP9xwVTUp8C7K8vDvpi38Fu/br0oWKfdudldn/iYIlW\nlVRNyD71aHS0CcE29+eFF8TofsNRZ2hYbTcYJIX1AbsqEb5IqAwhOxEoKdraTzG8\nzx5MQc/61aRr/kjAdaamy8dLdKCXwPZ43471xsABXqGXtuBbOJCbPpbKV6iUhNFD\nRQc2m0D8W7/mbduKnBbMI/FmSMY2j9jfJmVHVHlfczvIiXey/ntzso+Fe292OFoR\n3dhI8wjHgxA1XuQXGt+xxxqwFfGF8QBdqqzBFzZdyf7hxHtv/RxoTNj3JXrFZtex\ntx9JBsk8sBmJl2pb17ak6LplCQhTP0E4GplWb62P9mr4EwZyfN/Qq09WyiN7B6te\n8frV/h8n1rQu2etLQSJjXwA6/05h1ScRdl0dcxi+8PqCI7ik0QBKw6zbRzKr/XEd\nYJgGVBHVYbrCtAxqZ8Mtl1WoN9SuwAb06hHH8lVotpU0JrB+RZtfQbxmKycX8MHd\nq+4FtmEKSiiblhvQ4qQaOpXzkONvSlOpsQx+y5795IM4eXVA2dIv+/E6F0dNApJC\nnW887uzHRKTymT6/2p5sDVTm8ioN2LGGX9KoiHrhIsmLWwI4UzVrUQJZFGsOMYSj\nN3gJ4Ik0DPQ=qhuZ\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-8616"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000036"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8616"
      },
      {
        "db": "PACKETSTORM",
        "id": "168830"
      },
      {
        "db": "PACKETSTORM",
        "id": "157966"
      },
      {
        "db": "PACKETSTORM",
        "id": "158844"
      },
      {
        "db": "PACKETSTORM",
        "id": "158134"
      },
      {
        "db": "PACKETSTORM",
        "id": "158899"
      },
      {
        "db": "PACKETSTORM",
        "id": "158908"
      },
      {
        "db": "PACKETSTORM",
        "id": "158720"
      },
      {
        "db": "PACKETSTORM",
        "id": "158806"
      },
      {
        "db": "PACKETSTORM",
        "id": "157889"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-8616",
        "trust": 2.8
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2020/05/19/4",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVN40208370",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000036",
        "trust": 0.8
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8616",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168830",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "157966",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158844",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158134",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158899",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158908",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158720",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158806",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "157889",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-8616"
      },
      {
        "db": "PACKETSTORM",
        "id": "168830"
      },
      {
        "db": "PACKETSTORM",
        "id": "157966"
      },
      {
        "db": "PACKETSTORM",
        "id": "158844"
      },
      {
        "db": "PACKETSTORM",
        "id": "158134"
      },
      {
        "db": "PACKETSTORM",
        "id": "158899"
      },
      {
        "db": "PACKETSTORM",
        "id": "158908"
      },
      {
        "db": "PACKETSTORM",
        "id": "158720"
      },
      {
        "db": "PACKETSTORM",
        "id": "158806"
      },
      {
        "db": "PACKETSTORM",
        "id": "157889"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000036"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8616"
      }
    ]
  },
  "id": "VAR-202005-1028",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.41666666
  },
  "last_update_date": "2026-03-09T20:39:46.016000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "CVE-2020-8616 (NXNSAttack) \u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "https://xack.co.jp/info/?ID=622"
      },
      {
        "title": "Red Hat: Important: bind security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203433 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: bind security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202383 - Security Advisory"
      },
      {
        "title": "Ubuntu Security Notice: bind9 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4365-1"
      },
      {
        "title": "Red Hat: Important: bind security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203272 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: bind security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203470 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: bind security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202404 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: bind security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203471 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: bind security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203379 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: bind security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202345 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: bind security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202338 - Security Advisory"
      },
      {
        "title": "Ubuntu Security Notice: bind9 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4365-2"
      },
      {
        "title": "Red Hat: Important: bind security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203475 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: bind security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202344 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: bind security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203378 - Security Advisory"
      },
      {
        "title": "Debian CVElist Bug Report Logs: bind9: CVE-2020-8616 CVE-2020-8617",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=381e66e05d75d93918e55cdaa636e1b0"
      },
      {
        "title": "Debian Security Advisories: DSA-4689-1 bind9 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=808ccb545c64882f6cfa960abf75abfa"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Container Platform 4.4.8 openshift-enterprise-hyperkube-container security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202449 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Container Platform 4.2.36 ose-machine-config-operator-container security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202595 - Security Advisory"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2020-1369",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1369"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Container Platform 4.3.25 openshift-enterprise-hyperkube-container security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202441 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Container Platform 4.3.25 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202439 - Security Advisory"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-8616 log"
      },
      {
        "title": "Arch Linux Advisories: [ASA-202005-13] bind: denial of service",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202005-13"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2020-1426",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1426"
      },
      {
        "title": "IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (July 2020v1)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4ca8040b949152189bea3a3126afcd39"
      },
      {
        "title": "Red Hat: Important: Container-native Virtualization security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203194 - Security Advisory"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/pexip/os-bind9-libs "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-8616"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000036"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000036"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8616"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.2,
        "url": "https://usn.ubuntu.com/4365-1/"
      },
      {
        "trust": 1.1,
        "url": "http://www.nxnsattack.com"
      },
      {
        "trust": 1.1,
        "url": "https://kb.isc.org/docs/cve-2020-8616"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2020/05/19/4"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2020/dsa-4689"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20200522-0002/"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/4365-2/"
      },
      {
        "trust": 1.1,
        "url": "https://www.synology.com/security/advisory/synology_sa_20_12"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jkjxvbokz36er3eucr7vrb7wghiimpnj/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wogcjs2xq3sqnf4w6glz73lwzj6zzwzi/"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8616"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8617"
      },
      {
        "trust": 0.8,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2020-8616"
      },
      {
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5591"
      },
      {
        "trust": 0.8,
        "url": "https://jprs.jp/tech/security/2020-05-20-bind9-vuln-processing-referrals.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/jp/jvn40208370/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.nxnsattack.com/"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-8617"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/errata/rhsa-2020:3433"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/400.html"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wogcjs2xq3sqnf4w6glz73lwzj6zzwzi/"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jkjxvbokz36er3eucr7vrb7wghiimpnj/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://security.archlinux.org/cve-2020-8616"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/bind9"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6477"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2404"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8555"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2449"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.4/updating/updating-cluster"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8555"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3471"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3475"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3272"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3379"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2344"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-8616"
      },
      {
        "db": "PACKETSTORM",
        "id": "168830"
      },
      {
        "db": "PACKETSTORM",
        "id": "157966"
      },
      {
        "db": "PACKETSTORM",
        "id": "158844"
      },
      {
        "db": "PACKETSTORM",
        "id": "158134"
      },
      {
        "db": "PACKETSTORM",
        "id": "158899"
      },
      {
        "db": "PACKETSTORM",
        "id": "158908"
      },
      {
        "db": "PACKETSTORM",
        "id": "158720"
      },
      {
        "db": "PACKETSTORM",
        "id": "158806"
      },
      {
        "db": "PACKETSTORM",
        "id": "157889"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000036"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8616"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2020-8616",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "168830",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "157966",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "158844",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "158134",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "158899",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "158908",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "158720",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "158806",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "157889",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000036",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8616",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2020-05-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-8616",
        "ident": null
      },
      {
        "date": "2020-05-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "168830",
        "ident": null
      },
      {
        "date": "2020-06-04T19:22:22",
        "db": "PACKETSTORM",
        "id": "157966",
        "ident": null
      },
      {
        "date": "2020-08-12T15:54:40",
        "db": "PACKETSTORM",
        "id": "158844",
        "ident": null
      },
      {
        "date": "2020-06-17T21:46:33",
        "db": "PACKETSTORM",
        "id": "158134",
        "ident": null
      },
      {
        "date": "2020-08-18T16:16:40",
        "db": "PACKETSTORM",
        "id": "158899",
        "ident": null
      },
      {
        "date": "2020-08-18T16:40:06",
        "db": "PACKETSTORM",
        "id": "158908",
        "ident": null
      },
      {
        "date": "2020-08-03T17:14:20",
        "db": "PACKETSTORM",
        "id": "158720",
        "ident": null
      },
      {
        "date": "2020-08-10T14:27:06",
        "db": "PACKETSTORM",
        "id": "158806",
        "ident": null
      },
      {
        "date": "2020-06-01T16:50:28",
        "db": "PACKETSTORM",
        "id": "157889",
        "ident": null
      },
      {
        "date": "2020-06-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-000036",
        "ident": null
      },
      {
        "date": "2020-05-19T14:15:11.877000",
        "db": "NVD",
        "id": "CVE-2020-8616",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2020-10-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-8616",
        "ident": null
      },
      {
        "date": "2020-06-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-000036",
        "ident": null
      },
      {
        "date": "2024-11-21T05:39:07.857000",
        "db": "NVD",
        "id": "CVE-2020-8616",
        "ident": null
      }
    ]
  },
  "title": {
    "_id": null,
    "data": "XACK DNS Service operation interruption in  (DoS) Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000036"
      }
    ],
    "trust": 0.8
  }
}

CVE-2020-8616 (GCVE-0-2020-8616)

Vulnerability from cvelistv5 – Published: 2020-05-19 14:05 – Updated: 2024-09-16 23:55

Title

BIND does not sufficiently limit the number of fetches performed when processing referrals

Summary

Severity ?

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

In order for a server performing recursion to locate records in the DNS graph it must be capable of processing referrals, such as those received when it attempts to query an authoritative server for a record which is delegated elsewhere. In its original design BIND (as well as other nameservers) does not sufficiently limit the number of fetches which may be performed while processing a referral response. BIND 9.0.0 -> 9.11.18, 9.12.0 -> 9.12.4-P2, 9.14.0 -> 9.14.11, 9.16.0 -> 9.16.2, and releases 9.17.0 -> 9.17.1 of the 9.17 experimental development branch. All releases in the obsolete 9.13 and 9.15 development branches. All releases of BIND Supported Preview Edition from 9.9.3-S1 -> 9.11.18-S1.

Assigner

isc

References

URL

Tags

	https://kb.isc.org/docs/cve-2020-8616	x_refsource_CONFIRM
	http://www.nxnsattack.com	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2020/05/19/4	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4689	vendor-advisoryx_refsource_DEBIAN
	https://security.netapp.com/advisory/ntap-2020052…	x_refsource_CONFIRM
	https://usn.ubuntu.com/4365-2/	vendor-advisoryx_refsource_UBUNTU
	https://www.synology.com/security/advisory/Synolo…	x_refsource_CONFIRM
	https://usn.ubuntu.com/4365-1/	vendor-advisoryx_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Impacted products

	Vendor	Product	Version
	ISC	BIND9	Affected: 9.0.0 -> 9.11.18, 9.12.0 -> 9.12.4-P2, 9.14.0 -> 9.14.11, 9.16.0 -> 9.16.2, and releases 9.17.0 -> 9.17.1 of the 9.17 experimental development branch. All releases in the obsolete 9.13 and 9.15 development branches. All releases of BIND Supported Preview Edition from 9.9.3-S1 -> 9.11.18-S1

Date Public ?

2020-05-19 00:00

Credits

ISC would like to thank Lior Shafir and Yehuda Afek of Tel Aviv University and Anat Bremler-Barr of Interdisciplinary Center (IDC) Herzliya for discovering and reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:03:46.371Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/cve-2020-8616"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.nxnsattack.com"
          },
          {
            "name": "[oss-security] 20200519 Two vulnerabilities disclosed in BIND (CVE-2020-8616 and CVE-2020-8617)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/05/19/4"
          },
          {
            "name": "DSA-4689",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4689"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200522-0002/"
          },
          {
            "name": "USN-4365-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4365-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_20_12"
          },
          {
            "name": "USN-4365-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4365-1/"
          },
          {
            "name": "[debian-lts-announce] 20200530 [SECURITY] [DLA 2227-1] bind9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html"
          },
          {
            "name": "FEDORA-2020-2d89cbcfd9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOGCJS2XQ3SQNF4W6GLZ73LWZJ6ZZWZI/"
          },
          {
            "name": "FEDORA-2020-f9dcd4e9d5",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKJXVBOKZ36ER3EUCR7VRB7WGHIIMPNJ/"
          },
          {
            "name": "openSUSE-SU-2020:1699",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
          },
          {
            "name": "openSUSE-SU-2020:1701",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIND9",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.0 -\u003e 9.11.18, 9.12.0 -\u003e 9.12.4-P2, 9.14.0 -\u003e 9.14.11, 9.16.0 -\u003e 9.16.2, and releases 9.17.0 -\u003e 9.17.1 of the 9.17 experimental development branch. All releases in the obsolete 9.13 and 9.15 development branches. All releases of BIND Supported Preview Edition from 9.9.3-S1 -\u003e 9.11.18-S1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Lior Shafir and Yehuda Afek of Tel Aviv University and Anat Bremler-Barr of Interdisciplinary Center (IDC) Herzliya for discovering and reporting this issue."
        }
      ],
      "datePublic": "2020-05-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "In order for a server performing recursion to locate records in the DNS graph it must be capable of processing referrals, such as those received when it attempts to query an authoritative server for a record which is delegated elsewhere. In its original design BIND (as well as other nameservers) does not sufficiently limit the number of fetches which may be performed while processing a referral response.  BIND 9.0.0 -\u003e 9.11.18, 9.12.0 -\u003e 9.12.4-P2, 9.14.0 -\u003e 9.14.11, 9.16.0 -\u003e 9.16.2, and releases 9.17.0 -\u003e 9.17.1 of the 9.17 experimental development branch. All releases in the obsolete 9.13 and 9.15 development branches. All releases of BIND Supported Preview Edition from 9.9.3-S1 -\u003e 9.11.18-S1.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T11:06:38.000Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/docs/cve-2020-8616"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.nxnsattack.com"
        },
        {
          "name": "[oss-security] 20200519 Two vulnerabilities disclosed in BIND (CVE-2020-8616 and CVE-2020-8617)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/05/19/4"
        },
        {
          "name": "DSA-4689",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4689"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200522-0002/"
        },
        {
          "name": "USN-4365-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4365-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_20_12"
        },
        {
          "name": "USN-4365-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4365-1/"
        },
        {
          "name": "[debian-lts-announce] 20200530 [SECURITY] [DLA 2227-1] bind9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html"
        },
        {
          "name": "FEDORA-2020-2d89cbcfd9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOGCJS2XQ3SQNF4W6GLZ73LWZJ6ZZWZI/"
        },
        {
          "name": "FEDORA-2020-f9dcd4e9d5",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKJXVBOKZ36ER3EUCR7VRB7WGHIIMPNJ/"
        },
        {
          "name": "openSUSE-SU-2020:1699",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
        },
        {
          "name": "openSUSE-SU-2020:1701",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n    BIND 9.11.19\n    BIND 9.14.12\n    BIND 9.16.3\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n    BIND 9.11.19-S1"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "BIND does not sufficiently limit the number of fetches performed when processing referrals",
      "workarounds": [
        {
          "lang": "en",
          "value": "None"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "NSNSAttack",
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2020-05-19T08:59:44.000Z",
          "ID": "CVE-2020-8616",
          "STATE": "PUBLIC",
          "TITLE": "BIND does not sufficiently limit the number of fetches performed when processing referrals"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIND9",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "9.0.0 -\u003e 9.11.18, 9.12.0 -\u003e 9.12.4-P2, 9.14.0 -\u003e 9.14.11, 9.16.0 -\u003e 9.16.2, and releases 9.17.0 -\u003e 9.17.1 of the 9.17 experimental development branch. All releases in the obsolete 9.13 and 9.15 development branches. All releases of BIND Supported Preview Edition from 9.9.3-S1 -\u003e 9.11.18-S1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "ISC would like to thank Lior Shafir and Yehuda Afek of Tel Aviv University and Anat Bremler-Barr of Interdisciplinary Center (IDC) Herzliya for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "In order for a server performing recursion to locate records in the DNS graph it must be capable of processing referrals, such as those received when it attempts to query an authoritative server for a record which is delegated elsewhere. In its original design BIND (as well as other nameservers) does not sufficiently limit the number of fetches which may be performed while processing a referral response.  BIND 9.0.0 -\u003e 9.11.18, 9.12.0 -\u003e 9.12.4-P2, 9.14.0 -\u003e 9.14.11, 9.16.0 -\u003e 9.16.2, and releases 9.17.0 -\u003e 9.17.1 of the 9.17 experimental development branch. All releases in the obsolete 9.13 and 9.15 development branches. All releases of BIND Supported Preview Edition from 9.9.3-S1 -\u003e 9.11.18-S1."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.isc.org/docs/cve-2020-8616",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/docs/cve-2020-8616"
            },
            {
              "name": "http://www.nxnsattack.com",
              "refsource": "MISC",
              "url": "http://www.nxnsattack.com"
            },
            {
              "name": "[oss-security] 20200519 Two vulnerabilities disclosed in BIND (CVE-2020-8616 and CVE-2020-8617)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/05/19/4"
            },
            {
              "name": "DSA-4689",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4689"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200522-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200522-0002/"
            },
            {
              "name": "USN-4365-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4365-2/"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_20_12",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_20_12"
            },
            {
              "name": "USN-4365-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4365-1/"
            },
            {
              "name": "[debian-lts-announce] 20200530 [SECURITY] [DLA 2227-1] bind9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html"
            },
            {
              "name": "FEDORA-2020-2d89cbcfd9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOGCJS2XQ3SQNF4W6GLZ73LWZJ6ZZWZI/"
            },
            {
              "name": "FEDORA-2020-f9dcd4e9d5",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKJXVBOKZ36ER3EUCR7VRB7WGHIIMPNJ/"
            },
            {
              "name": "openSUSE-SU-2020:1699",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
            },
            {
              "name": "openSUSE-SU-2020:1701",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n    BIND 9.11.19\n    BIND 9.14.12\n    BIND 9.16.3\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n    BIND 9.11.19-S1"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "None"
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2020-8616",
    "datePublished": "2020-05-19T14:05:15.798Z",
    "dateReserved": "2020-02-05T00:00:00.000Z",
    "dateUpdated": "2024-09-16T23:55:28.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VAR-202005-1028

CVE-2020-8616 (GCVE-0-2020-8616)

Tags

Sightings

Nomenclature