CVE-2020-12663: Infinite Loop in Unbound

Severity: 7.5 HIGH (NVD)
EPSS: 9.1% (top 7.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 19, latest update May 24

Description

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

NVD | nlnetlabs/unbound | < 1.10.1
Debian | nlnetlabs/unbound | < 1.10.1-1 (+3 more)
Ubuntu | nlnetlabs/unbound | < 1.6.7-1ubuntu2.3 (+1 more)
NVD | opensuse/leap | 15.1, 15.2 (+1 more)

Also affects: Debian Linux 10.0, 9.0, Fedora 31, 32, Ubuntu Linux 18.04, 19.10, 20.04

Patches

🔴 Vulnerability Details (4)

GHSA | GHSA-rhjg-fh2p-jpv5: Unbound before 1 | 2022-05-24
OSV | unbound vulnerabilities | 2020-05-27
OSV | CVE-2020-12663: Unbound before 1 | 2020-05-19
CVEList | CVE-2020-12663: Unbound before 1 | 2020-05-19

📋 Vendor Advisories (5)

BSD | FreeBSD-SA-20:19.unbound: Multiple vulnerabilities in unbound | 2020-07-08
Ubuntu | Unbound vulnerabilities | 2020-05-27
Red Hat | unbound: infinite loop via malformed DNS answers received from upstream servers | 2020-05-19
Microsoft | Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. | 2020-05-12
Debian | CVE-2020-12663: unbound - Unbound before 1.10.1 has an infinite loop via malformed DNS answers received fr... | 2020

💬 Community (2)

Bugzilla | CVE-2020-12663 unbound: infinite loop via malformed DNS answers received from upstream servers [fedora-all] | 2020-05-19
Bugzilla | CVE-2020-12663 unbound: infinite loop via malformed DNS answers received from upstream servers | 2020-05-19
CVE-2020-12663 — Infinite Loop in Nlnetlabs Unbound | cvebase