As per upstream advisory: An assertion check in BIND (that is meant to prevent going beyond the end of a buffer when processing incoming data) can be incorrectly triggered by a large response during zone transfer. An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients. This flaw only affects the bind-9.16 branch; other versions are not affected.
Acknowledgments: Name: ISC
Statement: This flaw only affects bind-9.16.x, therefore versions of BIND shipped with Red Hat Products are not affected by this flaw.
External References: https://kb.isc.org/docs/cve-2020-8618
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-8618
Hi Huzaifa,
(In reply to Huzaifa S. Sidhpurwala from comment #6)
> Upstream bug: https://gitlab.isc.org/isc-projects/bind9/-/issues/1718
> Upstream commit:
> https://gitlab.isc.org/isc-projects/bind9/-/commit/
> 569cc155b8680d8ed12db1fabbe20947db24a0f9
In the above references the upstream bug seems actually for CVE-2020-8619. Not sure about the commit.
Regards,
Salvatore
(In reply to Salvatore Bonaccorso from comment #7)
> Hi Huzaifa,
>
> (In reply to Huzaifa S. Sidhpurwala from comment #6)
> > Upstream bug: https://gitlab.isc.org/isc-projects/bind9/-/issues/1718
> > Upstream commit:
> > https://gitlab.isc.org/isc-projects/bind9/-/commit/
> > 569cc155b8680d8ed12db1fabbe20947db24a0f9
>
> In the above references the upstream bug seems actually for CVE-2020-8619.
> Not sure about the commit.
The upstream issue is at https://gitlab.isc.org/isc-projects/bind9/-/issues/1850
(In reply to Salvatore Bonaccorso from comment #7)
> Hi Huzaifa,
>
> (In reply to Huzaifa S. Sidhpurwala from comment #6)
> > Upstream bug: https://gitlab.isc.org/isc-projects/bind9/-/issues/1718
> > Upstream commit:
> > https://gitlab.isc.org/isc-projects/bind9/-/commit/
> > 569cc155b8680d8ed12db1fabbe20947db24a0f9
>
> In the above references the upstream bug seems actually for CVE-2020-8619.
> Not sure about the commit.
>
> Regards,
> Salvatore
Yes, thanks for noticing.