CVE-2020-12662

Опубликовано: 19 мая 2020

Источник: redhat

CVSS3: 7.5

EPSS Средний

Описание

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

A network amplification vulnerability was found in Unbound, in the way it processes delegation messages from one authoritative zone to another. This flaw allows an attacker to cause a denial of service or be part of an attack against another DNS server when Unbound is deployed as a recursive resolver or authoritative name server.

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-406->CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=1837597unbound: amplification of an incoming query into a large number of queries directed to a target

EPSS

Процентиль: 94%

0.15507

Средний

7.5 High

CVSS3

Связанные уязвимости

CVE-2020-12662

CVSS3: 7.5

ubuntu

больше 5 лет назад

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

CVE-2020-12662

CVSS3: 7.5

nvd

больше 5 лет назад

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

CVE-2020-12662

CVSS3: 7.5

msrc

больше 5 лет назад

Unbound before 1.10.1 has Insufficient Control of Network Message Volume aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

CVE-2020-12662

CVSS3: 7.5

debian

больше 5 лет назад

Unbound before 1.10.1 has Insufficient Control of Network Message Volu ...

GHSA-w2pr-2387-vxgh

github

больше 3 лет назад

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

EPSS

Процентиль: 94%

0.15507

Средний

7.5 High

CVSS3