CVE-2020-10772

Published: Nov 27, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound.

Affected (1)

Products: Nlnetlabs: Unbound

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nlnetlabs Unbound	Version 1.6.6-5

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 7.0

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Insufficient Control of Network Message Volume (Network Amplification)

The product does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the product to transmit more traffic than should be allowed for that actor.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=1846026

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1846026

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.