CVE Vulnerabilities

CVE-2020-8622

Reachable Assertion

Published: Aug 21, 2020 | Modified: Nov 07, 2023
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
RedHat/V2
RedHat/V3
6.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.

Weakness

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Affected Software

Name Vendor Start Version End Version
Bind Isc 9.0.0 (including) 9.11.21 (including)
Bind Isc 9.12.0 (including) 9.16.5 (including)
Bind Isc 9.17.0 (including) 9.17.3 (including)
Red Hat Enterprise Linux 6 RedHat bind-32:9.8.2-0.68.rc1.el6_10.8 *
Red Hat Enterprise Linux 7 RedHat bind-32:9.11.4-26.P2.el7_9.2 *
Red Hat Enterprise Linux 7.6 Extended Update Support RedHat bind-32:9.9.4-74.el7_6.5 *
Red Hat Enterprise Linux 7.7 Extended Update Support RedHat bind-32:9.11.4-9.P2.el7_7.3 *
Red Hat Enterprise Linux 8 RedHat bind-32:9.11.20-5.el8 *
Red Hat Enterprise Linux 8 RedHat bind-32:9.11.20-5.el8 *
Bind9 Ubuntu bionic *
Bind9 Ubuntu devel *
Bind9 Ubuntu focal *
Bind9 Ubuntu trusty *
Bind9 Ubuntu trusty/esm *
Bind9 Ubuntu xenial *

Extended Description

While assertion is good for catching logic errors and reducing the chances of reaching more serious vulnerability conditions, it can still lead to a denial of service. For example, if a server handles multiple simultaneous connections, and an assert() occurs in one single connection that causes all other connections to be dropped, this is a reachable assertion that leads to a denial of service.

Potential Mitigations

References