Products

Solutions

Company

Book A Live Demo

CVE-2020-8623 : Security Advisory and Response

Learn about CVE-2020-8623 affecting BIND versions 9.10.0 to 9.11.21, 9.12.0 to 9.16.5, and 9.17.0 to 9.17.3. Upgrade to secure versions and follow mitigation steps.

In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, an attacker can trigger a crash by sending a specially crafted query packet to a vulnerable system.

Understanding CVE-2020-8623

This CVE involves a flaw in native PKCS#11 code that can lead to a remotely triggerable assertion failure in pk11.c.

What is CVE-2020-8623?

This vulnerability affects BIND versions 9.10.0 to 9.11.21, 9.12.0 to 9.16.5, and 9.17.0 to 9.17.3, including specific versions of the BIND 9 Supported Preview Edition. An attacker exploiting this flaw can crash the system by sending a specially crafted query packet.

The Impact of CVE-2020-8623

CVSS Base Score:

Attack Vector:

Attack Complexity:

Availability Impact:

Privileges Required:

Scope:

User Interaction:

Confidentiality & Integrity Impact:

Technical Details of CVE-2020-8623

This section provides more in-depth technical information about the vulnerability.

Vulnerability Description

If BIND is built with "--enable-native-pkcs11," a specially crafted query for a zone signed with RSA can trigger an assertion failure.

Affected Systems and Versions

BIND 9.10.0 to 9.11.21

BIND 9.12.0 to 9.16.5

BIND 9.17.0 to 9.17.3

BIND Supported Preview Edition 9.10.5-S1 to 9.11.21-S1

Exploitation Mechanism

An attacker must send a specially crafted query packet to a vulnerable system running BIND built with "--enable-native-pkcs11" and signing zones with an RSA key.

Mitigation and Prevention

To address CVE-2020-8623, follow these mitigation strategies:

Immediate Steps to Take

Upgrade to the patched release closest to your current BIND version: BIND 9.11.22, BIND 9.16.6, BIND 9.17.4

Long-Term Security Practices

Regularly update BIND to the latest version

Implement network segmentation to limit exposure

Monitor for unusual DNS query activities

Patching and Updates

Upgrade to the recommended patched releases

Consider using BIND Supported Preview Edition for eligible ISC support customers

CVE-2020-8623 : Security Advisory and Response

Understanding CVE-2020-8623

What is CVE-2020-8623?

The Impact of CVE-2020-8623

Technical Details of CVE-2020-8623

Vulnerability Description

Affected Systems and Versions

Exploitation Mechanism

Mitigation and Prevention

Immediate Steps to Take

Long-Term Security Practices

Patching and Updates

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now

CVE-2020-8623 : Security Advisory and Response

.css-lczsrn{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:24px;font-weight:700;margin-top:1rem;font-family:sans-serif;}Understanding CVE-2020-8623

.css-ru2q5j{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:1.2rem;font-weight:700;margin-top:1rem;margin-bottom:0rem;font-family:sans-serif;}What is CVE-2020-8623?

The Impact of CVE-2020-8623

Technical Details of CVE-2020-8623

Vulnerability Description

Affected Systems and Versions

Exploitation Mechanism

Mitigation and Prevention

Immediate Steps to Take

Long-Term Security Practices

Patching and Updates

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities? Find Out Now

Understanding CVE-2020-8623

What is CVE-2020-8623?

Is your System Free of Underlying Vulnerabilities?
Find Out Now