CVE-2020-12662

Опубликовано: 19 мая 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html
Mailing List
Third Party Advisory
http://www.nxnsattack.com
Technical Description
http://www.openwall.com/lists/oss-security/2020/05/19/5
Mailing List
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/
https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
Vendor Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200702-0006/
Third Party Advisory
https://usn.ubuntu.com/4374-1/
Third Party Advisory
https://www.debian.org/security/2020/dsa-4694
Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_20_12
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html
Mailing List
Third Party Advisory
http://www.nxnsattack.com
Technical Description
http://www.openwall.com/lists/oss-security/2020/05/19/5
Mailing List
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*

Версия до 1.10.1 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

Конфигурация 5

Одно из

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.15507

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

Связанные уязвимости

CVE-2020-12662

CVSS3: 7.5

ubuntu

больше 5 лет назад

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

CVE-2020-12662

CVSS3: 7.5

redhat

больше 5 лет назад

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

CVE-2020-12662

CVSS3: 7.5

msrc

больше 5 лет назад

Unbound before 1.10.1 has Insufficient Control of Network Message Volume aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

CVE-2020-12662

CVSS3: 7.5

debian

больше 5 лет назад

Unbound before 1.10.1 has Insufficient Control of Network Message Volu ...

GHSA-w2pr-2387-vxgh

github

больше 3 лет назад

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

EPSS

Процентиль: 94%

0.15507

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400