CVE-2020-8619 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-8619 PUBLISHED

In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.

EPSS 6.93% · 91.3th percentile

Risk Scores

EPSS Score

6.93%

91.3th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:20.04:LTS	bind9	0, 1:9.11.5.P4+dfsg-5.1ubuntu2, 1:9.11.5.P4+dfsg-5.1ubuntu3

Timeline

Jun 17, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score
Jan 2, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2020-8619 third-party-advisory
https://kb.isc.org/docs/cve-2020-8619 third-party-advisory
https://ubuntu.com/security/notices/USN-4399-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2020-8619 third-party-advisory

Open in Interactive Console →