CVE-2020-8621: 
NixOS vulnerability analysis and mitigation

CVE-2020-8621 is a vulnerability discovered in BIND versions 9.14.0 through 9.16.5 and 9.17.0 through 9.17.3. The vulnerability affects servers configured with both QNAME minimization and 'forward first' settings, where an attacker who can send queries to the server may trigger a condition causing it to crash. Notably, servers configured with 'forward only' are not affected by this vulnerability (CVE Details).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability specifically occurs in scenarios where BIND is configured with both QNAME minimization and 'forward first' settings enabled simultaneously (NetApp Advisory).

When successfully exploited, this vulnerability can lead to a denial of service condition by causing the BIND server to crash. The impact is limited to availability, with no direct effect on confidentiality or integrity of the system (Ubuntu Security).

The vulnerability has been fixed in BIND version 9.16.6. System administrators are advised to upgrade to this version or later. For Ubuntu systems, specific package versions have been released: Ubuntu 20.04 LTS users should upgrade to bind9 version 1:9.16.1-0ubuntu2.3. Earlier Ubuntu versions (18.04 LTS and 16.04 LTS) are not affected by this vulnerability (Ubuntu Notice).