CVE-2020-12662
Published: 19 May 2020
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
Priority
Medium
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
|
unbound Launchpad, Ubuntu, Debian |
Upstream |
Released
(1.10.1-1)
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
(1.10.1-1)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(1.10.1-1)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Released
(1.9.4-2ubuntu1.1)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(1.6.7-1ubuntu2.3)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Needed
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Needed
|
|
|
Patches: Upstream: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt |
||
| Binaries built from this source package are in Universe and so are supported by the community. | ||