Home

CVE-2020-12662

Description

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an NXNSAttack issue. This is triggered by random subdomains in the NSDNAME in NS records.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
15.507

Associated Vulnerability

VulnerabilityOS Platform
unbound security update(DSA-4694-1) unbound_1.9.0-2+deb10u2_i386.debLinux
validating, recursive, caching DNS resolver (USN-4374-1) unbound_1.6.7-1ubuntu2.3_i386.debLinux
validating, recursive, caching DNS resolver (USN-4374-1) unbound_1.6.7-1ubuntu2.3_amd64.debLinux
validating, recursive, caching DNS resolver (USN-4374-1) unbound_1.9.0-2ubuntu1.1_i386.debLinux
validating, recursive, caching DNS resolver (USN-4374-1) unbound_1.9.0-2ubuntu1.1_amd64.debLinux
validating, recursive, caching DNS resolver (USN-4374-1) unbound_1.9.4-2ubuntu1.1_i386.debLinux
validating, recursive, caching DNS resolver (USN-4374-1) unbound_1.9.4-2ubuntu1.1_amd64.debLinux
validating, recursive, caching DNS resolver (USN-4374-1) libunbound2_1.6.7-1ubuntu2.3_i386.debLinux
validating, recursive, caching DNS resolver (USN-4374-1) libunbound2_1.6.7-1ubuntu2.3_amd64.debLinux
validating, recursive, caching DNS resolver (USN-4374-1) libunbound8_1.9.0-2ubuntu1.1_i386.debLinux
validating, recursive, caching DNS resolver (USN-4374-1) libunbound8_1.9.0-2ubuntu1.1_amd64.debLinux
validating, recursive, caching DNS resolver (USN-4374-1) libunbound8_1.9.4-2ubuntu1.1_i386.debLinux
validating, recursive, caching DNS resolver (USN-4374-1) libunbound8_1.9.4-2ubuntu1.1_amd64.debLinux
(RHSA-2020:2414) unbound security update unbound-1.6.6-4.el7_8.x86_64.rpmLinux
(RHSA-2020:2414) unbound security update unbound-devel-1.6.6-4.el7_8.i686.rpmLinux
(RHSA-2020:2414) unbound security update unbound-devel-1.6.6-4.el7_8.x86_64.rpmLinux
(RHSA-2020:2414) unbound security update unbound-libs-1.6.6-4.el7_8.i686.rpmLinux
(RHSA-2020:2414) unbound security update unbound-libs-1.6.6-4.el7_8.x86_64.rpmLinux
(RHSA-2020:2414) unbound security update unbound-python-1.6.6-4.el7_8.x86_64.rpmLinux
(RHSA-2020:2640) unbound security update unbound-1.4.20-29.el6_10.1.i686.rpmLinux
(RHSA-2020:2640) unbound security update unbound-1.4.20-29.el6_10.1.x86_64.rpmLinux
(RHSA-2020:2640) unbound security update unbound-devel-1.4.20-29.el6_10.1.i686.rpmLinux
(RHSA-2020:2640) unbound security update unbound-devel-1.4.20-29.el6_10.1.x86_64.rpmLinux
(RHSA-2020:2640) unbound security update unbound-libs-1.4.20-29.el6_10.1.i686.rpmLinux
(RHSA-2020:2640) unbound security update unbound-libs-1.4.20-29.el6_10.1.x86_64.rpmLinux
(RHSA-2020:2640) unbound security update unbound-python-1.4.20-29.el6_10.1.i686.rpmLinux
(RHSA-2020:2640) unbound security update unbound-python-1.4.20-29.el6_10.1.x86_64.rpmLinux
Python3-unbound update (ELSA-2020-2416) python3-unbound-1.7.3-11.el8_2.x86_64.rpmLinux
Unbound-devel update (ELSA-2020-2416) unbound-devel-1.7.3-11.el8_2.x86_64.rpmLinux
Unbound-libs update (ELSA-2020-2416) unbound-libs-1.7.3-11.el8_2.x86_64.rpmLinux
Unbound-devel update (ELSA-2020-2416) unbound-devel-1.7.3-11.el8_2.i686.rpmLinux
Unbound-libs update (ELSA-2020-2416) unbound-libs-1.7.3-11.el8_2.i686.rpmLinux
(CESA-2020:2414) unbound security update unbound-1.6.6-4.el7_8.x86_64.rpmLinux
(CESA-2020:2414) unbound security update unbound-devel-1.6.6-4.el7_8.i686.rpmLinux
(CESA-2020:2414) unbound security update unbound-devel-1.6.6-4.el7_8.x86_64.rpmLinux
(CESA-2020:2414) unbound security update unbound-libs-1.6.6-4.el7_8.i686.rpmLinux
(CESA-2020:2414) unbound security update unbound-libs-1.6.6-4.el7_8.x86_64.rpmLinux
(CESA-2020:2414) unbound security update unbound-python-1.6.6-4.el7_8.x86_64.rpmLinux
Uncontrolled Resource Consumption Vulnerability (CVE-2020-12662)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234