PT-2020-6022 · Isc · Bind
Emanuel Almeida
Published 2020-08-20 · Updated 2024-06-15
CVE-2020-8620
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
BIND versions 9.15.6 through 9.16.5
BIND versions 9.17.0 through 9.17.3
Description
The vulnerability lies in how the BIND DNS server uses the libuv library. An attacker who can establish a TCP connection with the server and send data on that connection can cause the server to exit with an assertion failure. The condition is triggered by a specific set of packets sent to the TCP port on which BIND accepts connections, including large AXFR requests, which can cause libuv to pass a size to the server that trips the assertion check and terminates the process.
Recommendations
For BIND versions 9.15.6 through 9.16.5, update to version 9.16.6 or later.
For BIND versions 9.17.0 through 9.17.3, update to version 9.17.4 or later.
As a temporary workaround, consider restricting access to the TCP port on which the BIND server accepts connections to minimize the risk of exploitation.
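A small triage helper for the two affected ranges above, written as an added example (not code from the advisory, from Positive Technologies or from ISC). It parses a version out of a string such as the first line of `named -v` output (the sample line below is constructed for illustration) and reports whether the reported version is inside either affected range and which fixed release the recommendations name.

```python
"""Triage helper for CVE-2020-8620: is a reported BIND version inside one of
the affected ranges, and which fixed release does the advisory recommend?
Added example; the sample `named -v` lines are constructed, not captured."""
import re

# Affected ranges and fixed releases, taken from the advisory's
# "Affected Versions" and "Recommendations" sections (inclusive bounds).
AFFECTED_RANGES = [
    ((9, 15, 6), (9, 16, 5), "9.16.6"),
    ((9, 17, 0), (9, 17, 3), "9.17.4"),
]

# First dotted triple in the text, e.g. "9.16.4" out of "BIND 9.16.4-Ubuntu".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_bind_version(text):
    """Return (major, minor, patch) from a version string or a `named -v`
    style line, or None when no dotted version is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.groups())


def check_cve_2020_8620(text):
    """Return (affected, recommended_fix): affected is True when the parsed
    version falls inside an affected range; recommended_fix is the fixed
    release for that range, or None when the version is not affected."""
    version = parse_bind_version(text)
    if version is None:
        raise ValueError(f"no BIND version found in {text!r}")
    for low, high, fix in AFFECTED_RANGES:
        # Tuple comparison orders (major, minor, patch) lexicographically.
        if low <= version <= high:
            return True, fix
    return False, None


if __name__ == "__main__":
    # Constructed sample lines in the shape of `named -v` output.
    samples = [
        "BIND 9.16.4-Ubuntu (Stable Release) <id:constructed>",
        "BIND 9.16.6 (Stable Release) <id:constructed>",
        "BIND 9.17.2 (Development Release) <id:constructed>",
    ]
    for line in samples:
        affected, fix = check_cve_2020_8620(line)
        verdict = f"affected, update to {fix} or later" if affected else "not affected"
        print(f"{line!r}: {verdict}")
```

The check is a first pass only: distribution packages (Ubuntu, SUSE, Linux Mint are listed under affected products) commonly backport the fix while keeping the upstream version number, so a version inside an affected range should be confirmed against the distribution's package changelog before it is treated as vulnerable.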
Weakness Enumeration
Assertion Failure
Related Identifiers
Affected Products
Bind
Bind Server
Linuxmint
Suse
Ubuntu
Libuv