CVE-2020-12662

Published: 19 May 2020

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
unbound
Launchpad, Ubuntu, Debian
Upstream
Released (1.10.1-1)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(1.10.1-1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(1.10.1-1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (1.9.4-2ubuntu1.1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (1.6.7-1ubuntu2.3)
Ubuntu 16.04 LTS (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Needed

Patches:
Upstream: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
Binaries built from this source package are in Universe and so are supported by the community.