Launchpad CVE tracker

CVE 2020-8621

In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.

Related bugs and status

CVE-2020-8621 (Candidate) is related to these bugs:

Bug #1896740: BIND crashes with failed assertion INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain))

Summary				In	Importance	Status
	1896740	BIND crashes with failed assertion INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain))		bind9 (Ubuntu)	Undecided	Fix Released
	1896740	BIND crashes with failed assertion INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain))		bind9 (Ubuntu Focal)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://kb.isc.org/doc...
CONFIRM: https://security.netap...
UBUNTU: USN-4468-1
GENTOO: GLSA-202008-19
CONFIRM: https://www.synology.c...
SUSE: openSUSE-SU-2020:1699
SUSE: openSUSE-SU-2020:1701

Launchpad.net

CVE 2020-8621

Related bugs and status

Related bugs

References