---

CVE-2020-8618 - log back

CVE-2020-8618 edited at 18 Jun 2020 08:20:35
References	https://kb.isc.org/docs/cve-2020-8618 + https://gitlab.isc.org/isc-projects/bind9/-/issues/1850

CVE-2020-8618 edited at 18 Jun 2020 08:19:13
References	https://kb.isc.org/docs/cve-2020-8618 - https://github.com/isc-projects/bind9/commit/c3dcab5f13547b397110b960d0840406fa958f50

CVE-2020-8618 edited at 18 Jun 2020 07:52:09
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Denial of service
Description	+ An assertion check in BIND before 9.16.4 (that is meant to prevent going beyond the end of a buffer when processing incoming data) can be incorrectly triggered by a large response during zone transfer. An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.
References	+ https://kb.isc.org/docs/cve-2020-8618 + https://github.com/isc-projects/bind9/commit/c3dcab5f13547b397110b960d0840406fa958f50
Notes

CVE-2020-8618 created at 18 Jun 2020 07:44:52