Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2020-12662

Published: 19 May 2020

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

Notes

AuthorNote
mdeslaur
intrusive backport to xenial

Priority

Medium

Cvss 3 Severity Score

7.5

Score breakdown

Status

Package Release Status
unbound
Launchpad, Ubuntu, Debian
upstream
Released (1.10.1-1)
trusty Needed

bionic
Released (1.6.7-1ubuntu2.3)
eoan
Released (1.9.0-2ubuntu1.1)
xenial Needed

impish Not vulnerable
(1.10.1-1)
hirsute Not vulnerable
(1.10.1-1)
focal
Released (1.9.4-2ubuntu1.1)
groovy Not vulnerable
(1.10.1-1)
jammy Not vulnerable
(1.10.1-1)
kinetic Not vulnerable
(1.10.1-1)
lunar Not vulnerable
(1.10.1-1)
Patches:
upstream: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
Binaries built from this source package are in Universe and so are supported by the community.

Severity score breakdown

Parameter Value
Base score 7.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H