CVE-2020-12662
Published: 19 May 2020
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
Priority
Medium
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
|
unbound Launchpad, Ubuntu, Debian |
bionic |
Released
(1.6.7-1ubuntu2.3)
|
| eoan |
Released
(1.9.0-2ubuntu1.1)
|
|
| focal |
Released
(1.9.4-2ubuntu1.1)
|
|
| groovy |
Not vulnerable
(1.10.1-1)
|
|
| hirsute |
Not vulnerable
(1.10.1-1)
|
|
| impish |
Not vulnerable
(1.10.1-1)
|
|
| jammy |
Not vulnerable
(1.10.1-1)
|
|
| precise |
Does not exist
|
|
| trusty |
Needed
|
|
| upstream |
Released
(1.10.1-1)
|
|
| xenial |
Needed
|
Notes
| Author | Note |
|---|---|
| mdeslaur | intrusive backport to xenial |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12662
- https://www.openwall.com/lists/oss-security/2020/05/19/5
- https://ubuntu.com/security/notices/USN-4374-1
- NVD
- Launchpad
- Debian