Vulnerabilities > CVE-2020-8618 - Reachable Assertion vulnerability in multiple products

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

NVD

Published: 2020-06-17

Updated: 2022-10-07

Summary

An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.

Vulnerable Configurations

Part	Description	Count
Application	Isc ISC Bind 9.16.0 ISC Bind 9.16.1 ISC Bind 9.16.2 ISC Bind 9.16.3	4
Application	Netapp Netapp Steelstore Cloud Integrated Storage -	1
OS	Opensuse Opensuse Leap 15.1 Opensuse Leap 15.2	2
OS	Canonical Canonical Ubuntu Linux 20.04	1

Common Weakness Enumeration (CWE)

CWE-617 - Reachable Assertion

References

https://kb.isc.org/docs/cve-2020-8618
https://security.netapp.com/advisory/ntap-20200625-0003/
https://usn.ubuntu.com/4399-1/
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html