CVE-2020-8621

Name of the Vulnerable Software and Affected Versions BIND versions 9.14.0 through 9.16.5 BIND versions 9.17.0 through 9.17.3

Description The issue arises when a server is configured with both QNAME minimization and 'forward first'. An attacker who can send queries to the server may be able to trigger a condition that causes the server to crash. This does not affect servers that 'forward only'. The vulnerability is due to insufficient input validation, which can be exploited by a remote attacker to cause a denial of service.

Recommendations For BIND versions 9.14.0 through 9.16.5, consider disabling QNAME minimization when 'forward first' is configured to prevent the server from crashing. For BIND versions 9.17.0 through 9.17.3, consider disabling QNAME minimization when 'forward first' is configured to prevent the server from crashing. As a temporary workaround, consider restricting the 'forward first' configuration to minimize the risk of exploitation.