Intrusion Prevention

ISC.BIND.TSIG.Assertion.Failure.DoS

Description

This indicates an attack attempt to exploit a Denial Of Service Vulnerability in ISC BIND.
The vulnerability is due to a fault in the DNS protocol when handling a crafted packet. A remote attacker may be able to exploit this to cause a denial of service condition on the affected system.

Affected Products

ISC BIND 9.0.0 - 9.11.18
ISC BIND 9.12.0 - 9.12.4-P2
ISC BIND 9.14.0 - 9.14.11
ISC BIND 9.16.0 - 9.16.2
ISC BIND 9.17.0 - 9.17.1 of the 9.17 experimental development branch
All releases in the obsolete 9.13 and 9.15 development branches.
All releases of BIND Supported Preview Edition from 9.9.3-S1 to 9.11.18-S1

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor:
https://kb.isc.org/docs/cve-2020-8617

CVE References

CVE-2020-8617