{"id":"CVE-2020-8617","details":"Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.","modified":"2026-05-28T04:06:17.944994380Z","published":"2020-05-19T14:15:11.987Z","related":["CGA-pwxh-p2rj-9p7f","SUSE-SU-2020:1350-1","SUSE-SU-2020:14400-1","SUSE-SU-2020:1914-1","SUSE-SU-2020:2914-1","openSUSE-SU-2020:1699-1","openSUSE-SU-2020:1701-1","openSUSE-SU-2024:10650-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*"],"vendor_product":"canonical:ubuntu_linux","source":"CPE_STRING","extracted_events":[{"last_affected":"12.04"},{"last_affected":"14.04"},{"last_affected":"16.04"},{"last_affected":"18.04"},{"last_affected":"19.10"},{"last_affected":"20.04"}]},{"cpes":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"vendor_product":"debian:debian_linux","source":"CPE_STRING","extracted_events":[{"last_affected":"8.0"},{"last_affected":"9.0"},{"last_affected":"10.0"}]},{"cpes":["cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"],"vendor_product":"fedoraproject:fedora","source":"CPE_STRING","extracted_events":[{"last_affected":"31"},{"last_affected":"32"}]},{"cpes":["cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*","cpe:2.3:a:isc:bind:9.11.5:s5:*:*:supported_preview:*:*:*","cpe:2.3:a:isc:bind:9.11.7:s1:*:*:supported_preview:*:*:*","cpe:2.3:a:isc:bind:9.11.8:s1:*:*:supported_preview:*:*:*","cpe:2.3:a:isc:bind:9.12.4:p2:*:*:*:*:*:*"],"vendor_product":"isc:bind","source":"CPE_STRING","extracted_events":[{"last_affected":"9.12.4-p2"},{"last_affected":"9.12.4-p2"},{"last_affected":"9.11.5-s3"},{"last_affected":"9.11.5-s3"},{"last_affected":"9.11.5-s5"},{"last_affected":"9.11.5-s5"},{"last_affected":"9.11.7-s1"},{"last_affected":"9.11.7-s1"},{"last_affected":"9.11.8-s1"},{"last_affected":"9.11.8-s1"}]},{"cpes":["cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*"],"vendor_product":"opensuse:leap","source":"CPE_STRING","extracted_events":[{"last_affected":"15.1"},{"last_affected":"15.2"}]}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKJXVBOKZ36ER3EUCR7VRB7WGHIIMPNJ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOGCJS2XQ3SQNF4W6GLZ73LWZJ6ZZWZI/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/157836/BIND-TSIG-Denial-Of-Service.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200522-0002/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4365-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4365-2/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4689"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2020/05/19/4"},{"type":"FIX","url":"https://kb.isc.org/docs/cve-2020-8617"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/isc-projects/bind9","events":[{"introduced":"19d6c56085e97cf4ac559cdc27edd624127bcb32"},{"last_affected":"bc6c00f15aab336c7467e3fbad977ce05cdf398e"},{"introduced":"71a40862c0be867999867cd99e21c2266a5e452b"},{"last_affected":"a953e08740c2d76cd69e3e9515e14544fa3a1dda"},{"introduced":"29b3a7d84240a51099490c0f39ae537f4e0d6a7a"},{"last_affected":"6491691ac4bec0dc59e3eeba2797d65527f3bcd6"},{"introduced":"d1e053ed8dff25af8af241cf5ee2c83bd41a25ad"},{"last_affected":"098f68799b79aa0c53dc60bf3759347c87a8ba25"},{"introduced":"031bca512d4788356de4cce6f3e61e6b1a878f9c"},{"last_affected":"fa2f16db89ddfb54c4a0e10d103a521e2fda2e0b"},{"introduced":"6270e602ea52209243475c4f1edbabe084e148f7"},{"last_affected":"b310dc7f5ec5458c5b831be99cdbac03e33be4a6"},{"introduced":"04ca7cc4b6993f47ea61852c759d047c83be7b3f"},{"last_affected":"deb57872b630b9957662cf443e1e0001ab0e7b73"},{"introduced":"0"},{"last_affected":"28e45cd00e2e1e621a2e97ba1ee6bdc6a4102e16"},{"last_affected":"1c59cea1c0e26e2da3f2afb90200bfe9f7748c03"},{"last_affected":"341e64a2de908ceec50ed46d243bf3402342735c"},{"last_affected":"fe1302d54424009769409e46c0d50c0bcccd1d31"},{"last_affected":"617639b7cc40ba9eb6fde2d98099726d50da812e"},{"last_affected":"eba38b89007f65bc6c1fdd2451034bbe3908b9a4"}],"database_specific":{"extracted_events":[{"introduced":"9.0.0"},{"last_affected":"9.11.18"},{"introduced":"9.12.0"},{"last_affected":"9.12.4"},{"introduced":"9.13.0"},{"last_affected":"9.13.7"},{"introduced":"9.14.0"},{"last_affected":"9.14.11"},{"introduced":"9.15.0"},{"last_affected":"9.15.6"},{"introduced":"9.16.0"},{"last_affected":"9.16.2"},{"introduced":"9.17.0"},{"last_affected":"9.17.1"},{"introduced":"0"},{"last_affected":"9.12.4-p1"},{"last_affected":"9.9.3-s1"},{"last_affected":"9.10.5-s1"},{"last_affected":"9.10.7-s1"},{"last_affected":"9.11.3-s1"},{"last_affected":"9.11.6-s1"}],"cpe":["cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.12.4:p1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.9.3:s1:*:*:supported_preview:*:*:*","cpe:2.3:a:isc:bind:9.10.5:s1:*:*:supported_preview:*:*:*","cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*","cpe:2.3:a:isc:bind:9.11.3:s1:*:*:supported_preview:*:*:*","cpe:2.3:a:isc:bind:9.11.6:s1:*:*:supported_preview:*:*:*"],"source":["CPE_RANGE","CPE_STRING"]}}],"versions":["v9.17.1","v9.16.2","v9.11.18","v9.11.16","v9.14.11","v9.16.0","v9.15.8","v9.15.7","v9.11.14","v9.14.9","v9.15.6","v9.11.11","v9.14.6","v9.15.4","v9.15.3","v9.11.9","v9.14.4","v9.15.2","v9.11.7","v9.14.2","v9.15.0","v9.11.6-P1","v9.11.6","v9.12.4-P1","v9.12.4","v9.14.0rc1","v9.12.4rc1","v9.11.6rc1","v9.13.7","v9.13.6","v9.13.5","v9.13.4","v9.13.3","v9.12.2","v9.11.4","v9.13.2","v9.12.2rc2","v9.11.4rc2","v9.13.0","v9.11.3rc1","v9.12.1rc1","v9.12.1b1","v9.10.7b1","v9.11.3b1","v9.12.0rc1","v9.12.0b2","v9.12.0b1","v9.12.0a1","v9.10.6rc1","v9.11.2rc1","v9.10.6b1","v9.11.2b1","v9.10.5","v9.11.1","v9.10.5rc3","v9.11.1rc3","v9.10.5rc2","v9.11.1rc2","v9.10.5rc1","v9.11.1rc1","v9.11.1b1","v9.10.5b1","v9.11.0","v9.11.0rc3","v9.11.0rc2","v9.11.0rc1","v9.11.0b3","v9.11.0b2","v9.11.0b1","v9.11.0a3","v9.11.0a2","v9.10.4","v9.10.4rc1","v9.10.4b3","v9.11.0a1","v9.10.4b2","v9.10.4b1","v9.10.3","v9.10.3rc1","v9.10.3b1","v9.10.2","v9.10.2rc2","v9.10.2rc1","v9.10.2b1","v9.10.1","v9.10.1rc2","v9.10.1rc1","v9.10.1b2","v9.10.1b1","v9.10.0rc2","v9.10.0rc1","v9.10.0b2","v9.10.0b1","v9.10.0a2","v9.10.0a1","v9.9.3b1","v9.9.2rc1","v9.9.2b1","v9.9.1","v9.9.0","v9.9.0rc4","v9.9.0rc3","v9.7.0a1","v9.5.0a6","v9.5.0a5","v9.5.0a4","v9.5.0a3","v9.5.0a2","v9.5.0a1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8617.json"}},{"ranges":[{"type":"GIT","repo":"https://gitlab.isc.org/isc-projects/bind9","events":[{"introduced":"19d6c56085e97cf4ac559cdc27edd624127bcb32"},{"last_affected":"bc6c00f15aab336c7467e3fbad977ce05cdf398e"},{"introduced":"71a40862c0be867999867cd99e21c2266a5e452b"},{"last_affected":"a953e08740c2d76cd69e3e9515e14544fa3a1dda"},{"introduced":"29b3a7d84240a51099490c0f39ae537f4e0d6a7a"},{"last_affected":"6491691ac4bec0dc59e3eeba2797d65527f3bcd6"},{"introduced":"d1e053ed8dff25af8af241cf5ee2c83bd41a25ad"},{"last_affected":"098f68799b79aa0c53dc60bf3759347c87a8ba25"},{"introduced":"031bca512d4788356de4cce6f3e61e6b1a878f9c"},{"last_affected":"fa2f16db89ddfb54c4a0e10d103a521e2fda2e0b"},{"introduced":"6270e602ea52209243475c4f1edbabe084e148f7"},{"last_affected":"b310dc7f5ec5458c5b831be99cdbac03e33be4a6"},{"introduced":"04ca7cc4b6993f47ea61852c759d047c83be7b3f"},{"last_affected":"deb57872b630b9957662cf443e1e0001ab0e7b73"},{"introduced":"0"},{"last_affected":"28e45cd00e2e1e621a2e97ba1ee6bdc6a4102e16"},{"last_affected":"1c59cea1c0e26e2da3f2afb90200bfe9f7748c03"},{"last_affected":"341e64a2de908ceec50ed46d243bf3402342735c"},{"last_affected":"fe1302d54424009769409e46c0d50c0bcccd1d31"},{"last_affected":"617639b7cc40ba9eb6fde2d98099726d50da812e"},{"last_affected":"eba38b89007f65bc6c1fdd2451034bbe3908b9a4"}],"database_specific":{"extracted_events":[{"introduced":"9.0.0"},{"last_affected":"9.11.18"},{"introduced":"9.12.0"},{"last_affected":"9.12.4"},{"introduced":"9.13.0"},{"last_affected":"9.13.7"},{"introduced":"9.14.0"},{"last_affected":"9.14.11"},{"introduced":"9.15.0"},{"last_affected":"9.15.6"},{"introduced":"9.16.0"},{"last_affected":"9.16.2"},{"introduced":"9.17.0"},{"last_affected":"9.17.1"},{"introduced":"0"},{"last_affected":"9.12.4-p1"},{"last_affected":"9.9.3-s1"},{"last_affected":"9.10.5-s1"},{"last_affected":"9.10.7-s1"},{"last_affected":"9.11.3-s1"},{"last_affected":"9.11.6-s1"}],"cpe":["cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.12.4:p1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.9.3:s1:*:*:supported_preview:*:*:*","cpe:2.3:a:isc:bind:9.10.5:s1:*:*:supported_preview:*:*:*","cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*","cpe:2.3:a:isc:bind:9.11.3:s1:*:*:supported_preview:*:*:*","cpe:2.3:a:isc:bind:9.11.6:s1:*:*:supported_preview:*:*:*"],"source":["CPE_RANGE","CPE_STRING"]}}],"versions":["v9.17.1","v9.16.2","v9.11.18","v9.11.16","v9.14.11","v9.16.0","v9.15.8","v9.15.7","v9.11.14","v9.14.9","v9.15.6","v9.11.11","v9.14.6","v9.15.4","v9.15.3","v9.11.9","v9.14.4","v9.15.2","v9.11.7","v9.14.2","v9.15.0","v9.11.6-P1","v9.11.6","v9.12.4-P1","v9.12.4","v9.14.0rc1","v9.12.4rc1","v9.11.6rc1","v9.13.7","v9.13.6","v9.13.5","v9.13.4","v9.13.3","v9.12.2","v9.11.4","v9.13.2","v9.12.2rc2","v9.11.4rc2","v9.13.0","v9.11.3rc1","v9.12.1rc1","v9.12.1b1","v9.10.7b1","v9.11.3b1","v9.12.0rc1","v9.12.0b2","v9.12.0b1","v9.12.0a1","v9.10.6rc1","v9.11.2rc1","v9.10.6b1","v9.11.2b1","v9.10.5","v9.11.1","v9.10.5rc3","v9.11.1rc3","v9.10.5rc2","v9.11.1rc2","v9.10.5rc1","v9.11.1rc1","v9.11.1b1","v9.10.5b1","v9.11.0","v9.11.0rc3","v9.11.0rc2","v9.11.0rc1","v9.11.0b3","v9.11.0b2","v9.11.0b1","v9.11.0a3","v9.11.0a2","v9.10.4","v9.10.4rc1","v9.10.4b3","v9.11.0a1","v9.10.4b2","v9.10.4b1","v9.10.3","v9.10.3rc1","v9.10.3b1","v9.10.2","v9.10.2rc2","v9.10.2rc1","v9.10.2b1","v9.10.1","v9.10.1rc2","v9.10.1rc1","v9.10.1b2","v9.10.1b1","v9.10.0rc2","v9.10.0rc1","v9.10.0b2","v9.10.0b1","v9.10.0a2","v9.10.0a1","v9.9.3b1","v9.9.2rc1","v9.9.2b1","v9.9.1","v9.9.0","v9.9.0rc4","v9.9.0rc3","v9.7.0a1","v9.5.0a6","v9.5.0a5","v9.5.0a4","v9.5.0a3","v9.5.0a2","v9.5.0a1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8617.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}