VID 19093
Severity 30
Port 53
Protocol UDP
Class DNS
Detailed Description According to its self-reported version number, the installation of ISC BIND running on the remote name server is version 9.15.6 or later but prior to 9.16.6, or 9.17.x prior to 9.17.4. It is, therefore, affected by a denial of service (DoS) vulnerability due to an incorrectly specified maximum buffer size. An unauthenticated, remote attacker can exploit this issue by sending a specially crafted large TCP payload to trigger an assertion failure, causing the server to exit.

* References:
https://kb.isc.org/docs/cve-2020-8620

* Platforms Affected:
ISC BIND versions prior to 9.16.6
Microsoft Windows Any version
Recommendation Upgrade to the latest version of ISC BIND (9.16.6 or later)
Related URL CVE-2020-8620 (CVE)