CVE-2020-12662

Published: 19/05/2020 Updated: 01/06/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Unbound prior to 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

Affected Products

Vendor: Nlnetlabs
Product: Unbound
Versions: -, 0.0, 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.7.1, 0.7.2, 0.8, 0.9, 0.10, 0.11, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.10, 1.4.11, 1.4.13, 1.4.14, 1.4.15, 1.4.16, 1.4.17, 1.4.18, 1.4.19, 1.4.20, 1.4.21, 1.4.22, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.6rc1, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.9.0, 1.9.2, 1.9.3, 1.9.4

Vendor Advisories

Several security issues were fixed in Unbound ...
Two vulnerabilities have been discovered in Unbound, a recursive-only caching DNS server; a traffic amplification attack against third party authoritative name servers (NXNSAttack) and insufficient sanitisation of replies from upstream servers could result in denial of service via an infinite loop. The version of Unbound in the oldstable distributi ...

Arch Linux Security Advisory ASA-202005-14
==========================================

Severity: High
Date    : 2020-05-20
CVE-ID  : CVE-2020-12662 CVE-2020-12663
Package : unbound
Type    : denial of service
Remote  : Yes
Link    : security.archlinux.org/AVG-1164

Summary
=======

The package unbound before version 1.10.1-1 is vulnerable t ...

An issue has been found in unbound before 1.10.1, that makes it possible to have a single incoming query result in a large number of outgoing queries. This amplification makes it possible for Unbound to be used in a denial of service attack. The researchers discovering this called this attack the NXNSattack. This attack makes use of cache bypassing ...
infinite loop via malformed DNS answers received from upstream servers (CVE-2020-12663); insufficient control of network message volume leads to DoS (CVE-2020-12662) ...

Mailing Lists

Hello,

Below is a copy of Unbound's CVE description that can be found at nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt

Regards,
Ralph

== Two vulnerabilities have been discovered in Unbound: CVE-2020-12662 and CVE-2020-12663 == Summary = CVE-2020-12662 Unbound can be tricked into amplifying an incoming query into a large ...