CVE-2020-8616

Exploit

EPSS 5.94%
Published 19.05.2020 14:15:11
Last modified 21.11.2024 05:39:07
Source security-officer@isc.org
Teams watchlist Login
Open Login

A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.

Affected products Warnungen 0 Metrics 4 CWE 1 References 16

Data is provided by the National Vulnerability Database (NVD)

Isc ≫ Bind Version >= 9.0.0 <= 9.11.18

Isc ≫ Bind Version >= 9.12.0 <= 9.12.4

Isc ≫ Bind Version >= 9.13.0 <= 9.13.7

Isc ≫ Bind Version >= 9.14.0 <= 9.14.11

Isc ≫ Bind Version >= 9.15.0 <= 9.15.6

Isc ≫ Bind Version >= 9.16.0 <= 9.16.2

Isc ≫ Bind Version >= 9.17.0 <= 9.17.1

Isc ≫ Bind Version9.12.4 Updatep1

Isc ≫ Bind Version9.12.4 Updatep2

Isc ≫ Bind Version9.9.3 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.10.5 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.10.7 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.11.3 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.11.5 Updates3 SwEditionsupported_preview

Isc ≫ Bind Version9.11.5 Updates5 SwEditionsupported_preview

Isc ≫ Bind Version9.11.6 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.11.7 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.11.8 Updates1 SwEditionsupported_preview

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.94%	0.903

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
security-officer@isc.org	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html

https://www.debian.org/security/2020/dsa-4689

Third Party Advisory

http://www.nxnsattack.com

Third Party Advisory

Exploit

https://www.synology.com/security/advisory/Synology_SA_20_12

http://www.openwall.com/lists/oss-security/2020/05/19/4

Patch

Third Party Advisory

Mailing List