CVE-2020-10772

EPSS 0.3%
Veröffentlicht 27.11.2020 18:15:11
Zuletzt bearbeitet 21.11.2024 04:56:02
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nlnetlabs ≫ Unbound Version1.6.6-5

Redhat ≫ Enterprise Linux Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.505

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-406 Insufficient Control of Network Message Volume (Network Amplification)

The product does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the product to transmit more traffic than should be allowed for that actor.

https://bugzilla.redhat.com/show_bug.cgi?id=1846026

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2020-10772

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-10772

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-10772

EUVD