7.5

CVE-2020-12663

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NlnetlabsUnbound Version < 1.10.1
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
OpensuseLeap Version15.1
OpensuseLeap Version15.2
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.10
CanonicalUbuntu Linux Version20.04 SwEditionlts
FedoraprojectFedora Version31
FedoraprojectFedora Version32
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.59% 0.879
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2020/05/19/5
Patch
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/
https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
Vendor Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc
Third Party Advisory
https://usn.ubuntu.com/4374-1/
Third Party Advisory
https://www.debian.org/security/2020/dsa-4694
Third Party Advisory