5
CVSSv2

CVE-2020-12667

Published: 19/05/2020 Updated: 28/05/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Knot Resolver prior to 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

Vulnerability Trend

Affected Products

Vendor Product Versions
NicKnot Resolver1.0.0, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.4.0, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.99.1, 2.0.0, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.4.0, 2.4.1, 3.0.0, 3.1.0, 3.2.0, 3.2.1, 4.0.0, 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 5.0.0, 5.0.1

Vendor Advisories

Debian Bug report logs - #961076 NXNS Attack (CVE-2020-12667) Package: knot-resolver; Maintainer for knot-resolver is knot-resolver packagers <knot-resolver@packagesdebianorg>; Source for knot-resolver is src:knot-resolver (PTS, buildd, popcon) Reported by: danielbaumann@progress-linuxorg Date: Tue, 19 May 2020 20:21:0 ...