CVE-2020-12662 — Uncontrolled Resource Consumption in Unbound
Severity
7.5 HIGH (NVD)
EPSS
15.5%
top 5.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 19
Latest update: May 24
Description
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 4 packages
Also affects: Debian Linux 10.0, 9.0, Fedora 31, 32, Ubuntu Linux 18.04, 19.10, 20.04
Patches
Vulnerability Details (4)
Vendor Advisories (6)
Red Hat
unbound: amplification of an incoming query into a large number of queries directed to a target (2020-05-19)
Microsoft
Unbound before 1.10.1 has Insufficient Control of Network Message Volume aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. (2020-05-12)
Community (4)
Bugzilla
CVE-2020-12662 unbound: amplification of an incoming query into a large number of queries directed to a target [fedora-all] (2020-05-19)
Bugzilla
CVE-2020-12662 unbound: amplification of an incoming query into a large number of queries directed to a target (2020-05-19)
Bugzilla
CVE-2020-12663 unbound: infinite loop via malformed DNS answers received from upstream servers (2020-05-19)