CVE-2020-8616

Priority
Description
A malicious actor who intentionally exploits this lack of effective
limitation on the number of fetches performed when processing referrals
can, through the use of specially crafted referrals, cause a recursing
server to issue a very large number of fetches in an attempt to process the
referral. This has at least two potential effects: (1) the performance of
the recursing server can potentially be degraded by the additional work
required to perform these fetches, and (2) the attacker can exploit this
behavior to use the recursing server as a reflector in a reflection attack
with a high amplification factor.
Assigned-to
mdeslaur
Notes
Package
Source: bind9
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): released (1:9.8.1.dfsg.P1-4ubuntu0.30)
Ubuntu 14.04 ESM (Trusty Tahr): released (1:9.9.5.dfsg-3ubuntu0.19+esm2)
Ubuntu 16.04 LTS (Xenial Xerus): released (1:9.10.3.dfsg.P4-8ubuntu1.16)
Ubuntu 18.04 LTS (Bionic Beaver): released (1:9.11.3+dfsg-1ubuntu1.12)
Ubuntu 19.10 (Eoan Ermine): released (1:9.11.5.P4+dfsg-5.1ubuntu2.2)
Ubuntu 20.04 LTS (Focal Fossa): released (1:9.16.1-0ubuntu2.1)
Ubuntu 20.10 (Groovy Gorilla): released (1:9.16.1-0ubuntu3)
More Information

Updated: 2020-05-29 19:22:18 UTC (commit 2d0d387aa141e969cc1ddbb230ab2faa3ee568d5)