{"id":"CVE-2020-8617","details":"Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.","modified":"2026-03-20T11:38:32.912693Z","published":"2020-05-19T14:15:11.987Z","related":["CGA-pwxh-p2rj-9p7f","MGASA-2020-0259","SUSE-SU-2020:1350-1","SUSE-SU-2020:14400-1","SUSE-SU-2020:1914-1","SUSE-SU-2020:2914-1","openSUSE-SU-2020:1699-1","openSUSE-SU-2020:1701-1","openSUSE-SU-2024:10650-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOGCJS2XQ3SQNF4W6GLZ73LWZJ6ZZWZI/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKJXVBOKZ36ER3EUCR7VRB7WGHIIMPNJ/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200522-0002/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4689"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/157836/BIND-TSIG-Denial-Of-Service.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4365-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4365-2/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"},{"type":"FIX","url":"https://kb.isc.org/docs/cve-2020-8617"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2020/05/19/4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/isc-projects/bind9","events":[{"introduced":"0"},{"last_affected":"f8a0c0bed6ed629e314d22619510939c61d88b0e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.0"}]}},{"type":"GIT","repo":"https://gitlab.isc.org/isc-projects/bind9","events":[{"introduced":"19d6c56085e97cf4ac559cdc27edd624127bcb32"},{"last_affected":"bc6c00f15aab336c7467e3fbad977ce05cdf398e"},{"introduced":"71a40862c0be867999867cd99e21c2266a5e452b"},{"last_affected":"a953e08740c2d76cd69e3e9515e14544fa3a1dda"},{"introduced":"29b3a7d84240a51099490c0f39ae537f4e0d6a7a"},{"last_affected":"6491691ac4bec0dc59e3eeba2797d65527f3bcd6"},{"introduced":"d1e053ed8dff25af8af241cf5ee2c83bd41a25ad"},{"last_affected":"098f68799b79aa0c53dc60bf3759347c87a8ba25"},{"introduced":"031bca512d4788356de4cce6f3e61e6b1a878f9c"},{"last_affected":"fa2f16db89ddfb54c4a0e10d103a521e2fda2e0b"},{"introduced":"6270e602ea52209243475c4f1edbabe084e148f7"},{"last_affected":"b310dc7f5ec5458c5b831be99cdbac03e33be4a6"},{"introduced":"04ca7cc4b6993f47ea61852c759d047c83be7b3f"},{"last_affected":"deb57872b630b9957662cf443e1e0001ab0e7b73"},{"introduced":"0"},{"last_affected":"28e45cd00e2e1e621a2e97ba1ee6bdc6a4102e16"},{"introduced":"0"},{"last_affected":"1c59cea1c0e26e2da3f2afb90200bfe9f7748c03"},{"introduced":"0"},{"last_affected":"341e64a2de908ceec50ed46d243bf3402342735c"},{"introduced":"0"},{"last_affected":"fe1302d54424009769409e46c0d50c0bcccd1d31"},{"introduced":"0"},{"last_affected":"617639b7cc40ba9eb6fde2d98099726d50da812e"},{"introduced":"0"},{"last_affected":"eba38b89007f65bc6c1fdd2451034bbe3908b9a4"},{"introduced":"0"},{"last_affected":"19d6c56085e97cf4ac559cdc27edd624127bcb32"}],"database_specific":{"versions":[{"introduced":"9.0.0"},{"last_affected":"9.11.18"},{"introduced":"9.12.0"},{"last_affected":"9.12.4"},{"introduced":"9.13.0"},{"last_affected":"9.13.7"},{"introduced":"9.14.0"},{"last_affected":"9.14.11"},{"introduced":"9.15.0"},{"last_affected":"9.15.6"},{"introduced":"9.16.0"},{"last_affected":"9.16.2"},{"introduced":"9.17.0"},{"last_affected":"9.17.1"},{"introduced":"0"},{"last_affected":"9.12.4-p1"},{"introduced":"0"},{"last_affected":"9.9.3-s1"},{"introduced":"0"},{"last_affected":"9.10.5-s1"},{"introduced":"0"},{"last_affected":"9.10.7-s1"},{"introduced":"0"},{"last_affected":"9.11.3-s1"},{"introduced":"0"},{"last_affected":"9.11.6-s1"},{"introduced":"0"},{"last_affected":"9.0"}]}}],"versions":["ondrej/008bfb6249a5f81d9e02ad4d39fda63fab57a0ad","ondrej/00ce93a69cd809810b82dbb229abf59d8e5850cc","ondrej/067f87f158b633e18a9c6fd0b038d1dc288bcb74","ondrej/074c7cc12c0eda40441926a8a96631c3176824a9","ondrej/1a1413ff5910ace7919bb8db0a1bb1f6e9c9ff7d","ondrej/2438db2eae8baf084615aff3b210ea51cd2f1fe1","ondrej/4098157e6ce98910ff99c58c41c6cf8069b79cc7","ondrej/4281aaab4503116fcf50caa348e1b5e7d414b742","ondrej/42e84e4b97be23f2b3754844e9d4478f48e92b48","ondrej/46caf5f4a4522d42480aee4d5949ea9546f98c2f","ondrej/4d292fc37ff5e99462756352c6028af7d0becf74","ondrej/4f369af51ede0e5ac7b3a14c451c5a41350a61cc","ondrej/53738634c3b511bd78e6626df95ae140631b080c","ondrej/6d06e7e7e585e30b419e4e20815cb8233c48f7b1","ondrej/6d1fdb850516a8d1fbfa853c56a1ef7627d54a72","ondrej/761b47a64845cb647d4fa3362be538eb0e7174d9","ondrej/840e56a979c3719ded668d5aaa04b1bddce465ef","ondrej/9cd2880a82f627bc44ab65fdaa19c2bcd9e61c96","ondrej/a42afbce2e34a5f990517fee7eab013c4adb8c0a","ondrej/a5f554959ec531712f6e14a8cb8c90d87cc27932","ondrej/b177581bb230d89821d1e2e5e91f93bee3fc4192","ondrej/b6298b394e9eaefcfa2458cd56c345d778e99b8e","ondrej/be1e6499742e241d71c7e79434e278a0c89d141b","ondrej/c63b7fad498dbe56710b655bd296a58abba64bb8","ondrej/d7e5f7903de06e504aac4a3822a41d69e159e370","ondrej/e00b13ac6e5a49434fbe534b0cab86b9ee4fbdb5","ondrej/f8a0c0bed6ed629e314d22619510939c61d88b0e","ondrej/fb07c38697c9f4f76dcb921487c4f96813c99b69","v9.10.0a1","v9.10.0a2","v9.10.0b1","v9.10.0b2","v9.10.0rc1","v9.11.0a1","v9.11.0a2","v9.11.0a3","v9.12.0a1","v9.12.0b1","v9.12.0b2","v9.12.0rc1","v9.13.0","v9.13.2","v9.13.3","v9.13.4","v9.13.5","v9.13.6","v9.15.0","v9.15.2","v9.15.3","v9.15.4","v9.15.5","v9.15.6","v9.15.7","v9.15.8","v9.17.4","v9.19.0","v9.19.1","v9.19.10","v9.19.11","v9.19.12","v9.19.13","v9.19.14","v9.19.15","v9.19.16","v9.19.17","v9.19.18","v9.19.19","v9.19.2","v9.19.21","v9.19.22","v9.19.23","v9.19.24","v9.19.3","v9.19.4","v9.19.5","v9.19.6","v9.19.7","v9.19.8","v9.19.9","v9.20.0","v9.5.0a1","v9.5.0a2","v9.5.0a3","v9.5.0a4","v9.5.0a5","v9.5.0a6","v9.7.0a1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8617.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.12.4-p2"}]},{"events":[{"introduced":"0"},{"last_affected":"9.11.5-s3"}]},{"events":[{"introduced":"0"},{"last_affected":"9.11.5-s5"}]},{"events":[{"introduced":"0"},{"last_affected":"9.11.7-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"9.11.8-s1"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]},{"events":[{"introduced":"0"},{"last_affected":"15.2"}]},{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"19.10"}]},{"events":[{"introduced":"0"},{"last_affected":"20.04"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}