VDB
CVE-2020-8620
CVE-2020-8620
PUBLISHED
In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.
EPSS 8.37% · 92.5th percentile
Risk Scores
EPSS Score
8.37%
92.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | bind9 | *, 0, 1:9.11.5.P4+dfsg-5.1ubuntu2 |
Exploit Intelligence
- CIRCL published-proof-of-concept: CVE-2020-8620 (circl-sighting)
- https://kb.isc.org/docs/cve-2020-8620 (circl)
- https://security.netapp.com/advisory/ntap-20200827-0003/ (circl)
- USN-4468-1 (circl)
- GLSA-202008-19 (circl)
- https://www.synology.com/security/advisory/Synology_SA_20_19 (circl)
- openSUSE-SU-2020:1699 (circl)
- openSUSE-SU-2020:1701 (circl)
Timeline
- Aug 20, 2020 CVE Published
- Aug 21, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-8620 third-party-advisory
- https://kb.isc.org/docs/cve-2020-8620 third-party-advisory
- https://ubuntu.com/security/notices/USN-4468-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-8620 third-party-advisory