Unrated severityNVD Advisory· Published May 19, 2020· Updated Aug 4, 2024
CVE-2020-12662
CVE-2020-12662
Description
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
Affected products
12- Unbound/Unbounddescription
- osv-coords11 versionspkg:rpm/opensuse/libunbound-devel-mini&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/libunbound-devel-mini&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/unbound&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/unbound&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/unbound&distro=openSUSE%20Tumbleweedpkg:rpm/suse/unbound&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/unbound&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/unbound&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/unbound&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/unbound&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/unbound&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015
< 1.6.8-lp151.8.3.1+ 10 more
- (no CPE)range: < 1.6.8-lp151.8.3.1
- (no CPE)range: < 1.6.8-lp152.9.3.1
- (no CPE)range: < 1.6.8-lp151.8.3.1
- (no CPE)range: < 1.6.8-lp152.9.3.1
- (no CPE)range: < 1.13.2-1.2
- (no CPE)range: < 1.6.8-3.6.1
- (no CPE)range: < 1.6.8-3.6.1
- (no CPE)range: < 1.6.8-10.3.1
- (no CPE)range: < 1.6.8-10.3.1
- (no CPE)range: < 1.6.8-3.6.1
- (no CPE)range: < 1.6.8-3.6.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/mitrevendor-advisoryx_refsource_FEDORA
- security.freebsd.org/advisories/FreeBSD-SA-20:19.unbound.ascmitrevendor-advisoryx_refsource_FREEBSD
- usn.ubuntu.com/4374-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2020/dsa-4694mitrevendor-advisoryx_refsource_DEBIAN
- www.nxnsattack.commitrex_refsource_MISC
- www.openwall.com/lists/oss-security/2020/05/19/5mitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2021/02/msg00017.htmlmitremailing-listx_refsource_MLIST
- nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txtmitrex_refsource_CONFIRM
- security.netapp.com/advisory/ntap-20200702-0006/mitrex_refsource_CONFIRM
- www.synology.com/security/advisory/Synology_SA_20_12mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.