7.5
CVE-2020-12662
- EPSS 3.17%
- Veröffentlicht 19.05.2020 14:15:11
- Zuletzt bearbeitet 21.11.2024 05:00:00
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version10.0
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version19.10
Canonical ≫ Ubuntu Linux Version20.04 SwEditionlts
Fedoraproject ≫ Fedora Version31
Fedoraproject ≫ Fedora Version32
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.17% | 0.864 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html
http://www.nxnsattack.com
http://www.openwall.com/lists/oss-security/2020/05/19/5
https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/
https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc
https://security.netapp.com/advisory/ntap-20200702-0006/
https://usn.ubuntu.com/4374-1/
https://www.debian.org/security/2020/dsa-4694
https://www.synology.com/security/advisory/Synology_SA_20_12