CVE-2020-8618

Summary

An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.

Affected Software

VendorProductVersion RangeStatus
ISCBIND99.16.0 -> 9.16.3affected

Weaknesses

  • An assertion check in BIND (that is meant to prevent going beyond the end of a buffer when processing incoming data) can be incorrectly triggered by a large response during zone transfer. Versions affected: BIND 9.16.0 -> 9.16.3

Workarounds

None

ADP Enrichment

CVE Program Container

Additional References

References