7.5

CVE-2020-12663

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NlnetlabsUnbound Version < 1.10.1
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
OpensuseLeap Version15.1
OpensuseLeap Version15.2
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.10
CanonicalUbuntu Linux Version20.04 SwEditionlts
FedoraprojectFedora Version31
FedoraprojectFedora Version32
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.08% 0.923
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

http://www.openwall.com/lists/oss-security/2020/05/19/5
Patch
Third Party Advisory
Mailing List
https://usn.ubuntu.com/4374-1/
Third Party Advisory