Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2020-10995

Published: 19/05/2020 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Recursor

Vulnerability Summary

An issue has been found in PowerDNS Recursor prior to 4.3.1 and 4.2.2. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. The effect was already limited in PowerDNS Recursor because of existing mitigations, but additional mitigations relative to this specific attack have been added.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

powerdns recursor

fedoraproject fedora 31

fedoraproject fedora 32

debian debian linux 10.0

opensuse leap 15.1

opensuse backports sle 15.0

Vendor Advisories

Arch Linux Issues:
An issue has been found in PowerDNS Recursor before 431 and 422 An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other ...

References

CWE-400https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.htmlhttp://www.nxnsattack.comhttp://lists.opensuse.org/opensuse-security-announce/2020-05/msg00052.htmlhttps://www.debian.org/security/2020/dsa-4691https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PS4ZN5XGENYNFKX7QIIOUCQQHXE37GJF/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMP72NJGKBWR5WEBXAWX5KSLQUDFTG6S/https://nvd.nist.govhttps://security.archlinux.org/CVE-2020-10995
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook