What is CVE-2020-8625?

CVE-2020-8625 is a high-severity vulnerability in Isc Bind9. CVSS score: 8.1/10. Published 2021-02-17.

How severe is CVE-2020-8625?

High severity. CVSS v3 base score is 8.1 out of 10.

Is CVE-2020-8625 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Isc Bind9

CVE-2020-8625

BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vu…

EPSS: 0.252 (96.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Isc Bind9 — versions Open Source Branches 9.5 though 9.11 9.5.0 through versions before 9.11.28, Open Source Branches 9.12 though 9.16 9.12.0 through versions before 9.16.12, Supported Preview Branch 9.11-S 9.11.3-S1 through versions before 9.11.28-S1

Public proof-of-concept exploits

References

kb.isc.org/v1/docs/cve-2020-8625 (x_refsource_CONFIRM)
DSA-4857 (vendor-advisory, x_refsource_DEBIAN)
[oss-security] 20210218 BIND Operational Notification: Enabling the new BIND option "stale-answer-client-timeout" can result in unexpected server termination (mailing-list, x_refsource_MLIST)
[debian-lts-announce] 20210219 [SECURITY] [DLA 2568-1] bind9 security update (mailing-list, x_refsource_MLIST)
[oss-security] 20210220 BIND Operational Notification: Zone journal (.jnl) file incompatibility,after upgrading to BIND 9.16.12 and 9.17 (mailing-list, x_refsource_MLIST)
www.zerodayinitiative.com/advisories/ZDI-21-195/ (x_refsource_MISC)
FEDORA-2021-0595625865 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2021-28f97e232d (vendor-advisory, x_refsource_FEDORA)
security.netapp.com/advisory/ntap-20210319-0001/ (x_refsource_CONFIRM)
FEDORA-2021-8b4744f152 (vendor-advisory, x_refsource_FEDORA)

Frequently asked questions

What is CVE-2020-8625?: CVE-2020-8625 is a high-severity vulnerability in Isc Bind9. CVSS score: 8.1/10. Published 2021-02-17.
How severe is CVE-2020-8625?: High severity. CVSS v3 base score is 8.1 out of 10.
Is CVE-2020-8625 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.