7.5

CVE-2020-12662

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NlnetlabsUnbound Version < 1.10.1
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
OpensuseLeap Version15.1
OpensuseLeap Version15.2
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.10
CanonicalUbuntu Linux Version20.04 SwEditionlts
FedoraprojectFedora Version31
FedoraprojectFedora Version32
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.17% 0.864
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html
Third Party Advisory
Mailing List
http://www.nxnsattack.com
Technical Description
http://www.openwall.com/lists/oss-security/2020/05/19/5
Patch
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/
https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
Vendor Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200702-0006/
Third Party Advisory
https://usn.ubuntu.com/4374-1/
Third Party Advisory
https://www.debian.org/security/2020/dsa-4694
Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_20_12
Third Party Advisory