ISC BIND TKEY Query Out-Of-Bounds Read Information Disclosure Vulnerability

Peter Davies peter.watson.davies at outlook.com
Thu Jun 10 09:57:11 UTC 2021


Hi Josef,
  Was it Hi Josef,
  Was it "CVE-2020-8622: A truncated TSIG response can lead to an assertion failure" you were thinking of?

https://kb.isc.org/docs/cve-2020-8622?highlight=%20%20CVE:%20%20%20CVE-2020-8622%20%20%20%20Document%20version:%20%202.0%20%20%20Posting%20date:%20%2020%20August%202020%20%20%20Program%20impacted:%20%20%20BIND%20%20%20%20Versions%20affected:%20%20BIND%209.0.0%20->%209.11.21,%209.12.0%20->%209.16.5
[https://cdn.document360.io/956e37e2-5ec0-4942-8b27-35533899f099/Images/Documentation/ISC-logo-rgb-2048x1149.png]<https://kb.isc.org/docs/cve-2020-8622?highlight=%20%20CVE:%20%20%20CVE-2020-8622%20%20%20%20Document%20version:%20%202.0%20%20%20Posting%20date:%20%2020%20August%202020%20%20%20Program%20impacted:%20%20%20BIND%20%20%20%20Versions%20affected:%20%20BIND%209.0.0%20->%209.11.21,%209.12.0%20->%209.16.5>
CVE-2020-8622: A truncated TSIG response can lead to an assertion failure - Security Advisories<https://kb.isc.org/docs/cve-2020-8622?highlight=%20%20CVE:%20%20%20CVE-2020-8622%20%20%20%20Document%20version:%20%202.0%20%20%20Posting%20date:%20%2020%20August%202020%20%20%20Program%20impacted:%20%20%20BIND%20%20%20%20Versions%20affected:%20%20BIND%209.0.0%20->%209.11.21,%209.12.0%20->%209.16.5>
kb.isc.org


Kind Regards Peter
Sent from Outlook<http://aka.ms/weboutlook>
________________________________
From: bind-workers <bind-workers-bounces at lists.isc.org> on behalf of Josef Moellers <jmoellers at suse.de>
Sent: 10 June 2021 11:43
To: bind-workers at lists.isc.org <bind-workers at lists.isc.org>
Subject: ISC BIND TKEY Query Out-Of-Bounds Read Information Disclosure Vulnerability

Hi,

Some time ago, this vulnerability was disclosed, but I cannot find any
trace of the fix for this in the latest CHANGES file.

As I need to backport the fix to older versions, can anyone describe
where and how this was fixed?

Thanks and ... stay safe!

Josef

--
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
90409 Nürnberg
Germany

(HRB 36809, AG Nürnberg)
Geschäftsführer: Felix Imendörffer

_______________________________________________
bind-workers mailing list
bind-workers at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-workers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-workers/attachments/20210610/60d2cc47/attachment.htm>


More information about the bind-workers mailing list