Unrated severityNVD Advisory· Published May 19, 2020· Updated Aug 4, 2024
CVE-2020-12662
CVE-2020-12662
Description
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
13- Unbound/Unbounddescription
- osv-coords11 versionspkg:rpm/opensuse/libunbound-devel-mini&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/libunbound-devel-mini&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/unbound&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/unbound&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/unbound&distro=openSUSE%20Tumbleweedpkg:rpm/suse/unbound&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/unbound&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/unbound&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/unbound&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/unbound&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/unbound&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015
< 1.6.8-lp151.8.3.1+ 10 more
- (no CPE)range: < 1.6.8-lp151.8.3.1
- (no CPE)range: < 1.6.8-lp152.9.3.1
- (no CPE)range: < 1.6.8-lp151.8.3.1
- (no CPE)range: < 1.6.8-lp152.9.3.1
- (no CPE)range: < 1.13.2-1.2
- (no CPE)range: < 1.6.8-3.6.1
- (no CPE)range: < 1.6.8-3.6.1
- (no CPE)range: < 1.6.8-10.3.1
- (no CPE)range: < 1.6.8-10.3.1
- (no CPE)range: < 1.6.8-3.6.1
- (no CPE)range: < 1.6.8-3.6.1
Patches
Vulnerability mechanics
References
13- lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/mitrevendor-advisoryx_refsource_FEDORA
- security.freebsd.org/advisories/FreeBSD-SA-20:19.unbound.ascmitrevendor-advisoryx_refsource_FREEBSD
- usn.ubuntu.com/4374-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2020/dsa-4694mitrevendor-advisoryx_refsource_DEBIAN
- www.nxnsattack.commitrex_refsource_MISC
- www.openwall.com/lists/oss-security/2020/05/19/5mitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2021/02/msg00017.htmlmitremailing-listx_refsource_MLIST
- nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txtmitrex_refsource_CONFIRM
- security.netapp.com/advisory/ntap-20200702-0006/mitrex_refsource_CONFIRM
- www.synology.com/security/advisory/Synology_SA_20_12mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.