CVE-2020-8616

Exploit

EPSS 5.94%
Veröffentlicht 19.05.2020 14:15:11
Zuletzt bearbeitet 21.11.2024 05:39:07
Quelle security-officer@isc.org
Teams Watchlist Login
Unerledigt Login

A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Isc ≫ Bind Version >= 9.0.0 <= 9.11.18

Isc ≫ Bind Version >= 9.12.0 <= 9.12.4

Isc ≫ Bind Version >= 9.13.0 <= 9.13.7

Isc ≫ Bind Version >= 9.14.0 <= 9.14.11

Isc ≫ Bind Version >= 9.15.0 <= 9.15.6

Isc ≫ Bind Version >= 9.16.0 <= 9.16.2

Isc ≫ Bind Version >= 9.17.0 <= 9.17.1

Isc ≫ Bind Version9.12.4 Updatep1

Isc ≫ Bind Version9.12.4 Updatep2

Isc ≫ Bind Version9.9.3 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.10.5 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.10.7 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.11.3 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.11.5 Updates3 SwEditionsupported_preview

Isc ≫ Bind Version9.11.5 Updates5 SwEditionsupported_preview

Isc ≫ Bind Version9.11.6 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.11.7 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.11.8 Updates1 SwEditionsupported_preview

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.94%	0.903

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
security-officer@isc.org	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html

https://www.debian.org/security/2020/dsa-4689

Third Party Advisory

http://www.nxnsattack.com

Third Party Advisory

Exploit

https://www.synology.com/security/advisory/Synology_SA_20_12

http://www.openwall.com/lists/oss-security/2020/05/19/4

Patch

Third Party Advisory

Mailing List