CVE-2020-12662

Published: May 19, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

Affected (10)

Products: Nlnetlabs: Unbound · Debian: Debian Linux · Opensuse: Leap · +2 more

Show all products

Nlnetlabs: Unbound · Debian: Debian Linux · Opensuse: Leap · Canonical: Ubuntu Linux · Fedoraproject: Fedora

1 product

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nlnetlabs Unbound	Before 1.10.1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1
Opensuse Leap	Version 15.2

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.10
Canonical Ubuntu Linux	Version 20.04

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 31
Fedoraproject Fedora	Version 32

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (26)

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.nxnsattack.com

Source: cve@mitre.org

Technical Description

http://www.openwall.com/lists/oss-security/2020/05/19/5

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/

Source: cve@mitre.org

https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt

Source: cve@mitre.org

Vendor Advisory

https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20200702-0006/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4374-1/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2020/dsa-4694

Source: cve@mitre.org

Third Party Advisory

https://www.synology.com/security/advisory/Synology_SA_20_12

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html