VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-e5ez-2bba-zke3

Essentials
Severities (8)
References (25)
Severity details (3)
Exploits (2)
EPSS
History (1)

Vulnerability ID	VCID-e5ez-2bba-zke3
Aliases	CVE-2020-8617
Summary	security update
Status	Published
Exploitability	2.0
Weighted Severity	8.0
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-617

Reachable Assertion

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8617.json
epss	0.89736	https://api.first.org/data/v1/epss?cve=CVE-2020-8617
epss	0.89736	https://api.first.org/data/v1/epss?cve=CVE-2020-8617
epss	0.89827	https://api.first.org/data/v1/epss?cve=CVE-2020-8617
epss	0.92629	https://api.first.org/data/v1/epss?cve=CVE-2020-8617
epss	0.92629	https://api.first.org/data/v1/epss?cve=CVE-2020-8617
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux	High	https://security.archlinux.org/AVG-1165

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8617.json
		https://api.first.org/data/v1/epss?cve=CVE-2020-8617
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1836124		https://bugzilla.redhat.com/show_bug.cgi?id=1836124
961939		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961939
ASA-202005-13		https://security.archlinux.org/ASA-202005-13
AVG-1165		https://security.archlinux.org/AVG-1165
CVE-2020-8617	Exploit	https://github.com/knqyf263/CVE-2020-8617/blob/92a64e68cf77a5b938e0d9c04524fa6147ccb785/exploit.py
CVE-2020-8617	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/48521.py
RHSA-2020:2338		https://access.redhat.com/errata/RHSA-2020:2338
RHSA-2020:2344		https://access.redhat.com/errata/RHSA-2020:2344
RHSA-2020:2345		https://access.redhat.com/errata/RHSA-2020:2345
RHSA-2020:2383		https://access.redhat.com/errata/RHSA-2020:2383
RHSA-2020:2404		https://access.redhat.com/errata/RHSA-2020:2404
RHSA-2020:2893		https://access.redhat.com/errata/RHSA-2020:2893
RHSA-2020:3378		https://access.redhat.com/errata/RHSA-2020:3378
RHSA-2020:3379		https://access.redhat.com/errata/RHSA-2020:3379
RHSA-2020:3433		https://access.redhat.com/errata/RHSA-2020:3433
RHSA-2020:3470		https://access.redhat.com/errata/RHSA-2020:3470
RHSA-2020:3471		https://access.redhat.com/errata/RHSA-2020:3471
RHSA-2020:3475		https://access.redhat.com/errata/RHSA-2020:3475
USN-4365-1		https://usn.ubuntu.com/4365-1/
USN-4365-2		https://usn.ubuntu.com/4365-2/

Data source	Exploit-DB
Date added	May 27, 2020
Description	BIND - 'TSIG' Denial of Service
Ransomware campaign use	Unknown
Source publication date	May 20, 2020
Exploit type	dos
Platform	multiple
Source update date	May 27, 2020
Source URL	https://github.com/knqyf263/CVE-2020-8617/blob/92a64e68cf77a5b938e0d9c04524fa6147ccb785/exploit.py

Data source	Metasploit
Description	A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c.
Note	Stability: - crash-service-down SideEffects: [] Reliability: []
Ransomware campaign use	Unknown
Source publication date	May 19, 2020
Source URL	https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/dns/bind_tsig_badtime.rb

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8617.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.99565
EPSS Score	0.89736
Published At	April 7, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T14:00:22.821359+00:00	Debian Oval Importer	Import	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.0.0