2020-05-22
ALT-BU-2020-3826-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Published: 2020-05-19
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-12662
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- openSUSE-SU-2020:0913
- openSUSE-SU-2020:0912
- http://www.nxnsattack.com
- [oss-security] 20200519 Unbound - CVE-2020-12662, CVE-2020-12663
- [debian-lts-announce] 20210212 [SECURITY] [DLA 2556-1] unbound1.9 security update
- FEDORA-2020-3cfd38fefd
- FEDORA-2020-8e9b62948e
- https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
- FreeBSD-SA-20:19
- https://security.netapp.com/advisory/ntap-20200702-0006/
- USN-4374-1
- DSA-4694
- https://www.synology.com/security/advisory/Synology_SA_20_12
- openSUSE-SU-2020:0913
- https://www.synology.com/security/advisory/Synology_SA_20_12
- DSA-4694
- USN-4374-1
- https://security.netapp.com/advisory/ntap-20200702-0006/
- FreeBSD-SA-20:19
- https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
- FEDORA-2020-8e9b62948e
- FEDORA-2020-3cfd38fefd
- [debian-lts-announce] 20210212 [SECURITY] [DLA 2556-1] unbound1.9 security update
- [oss-security] 20200519 Unbound - CVE-2020-12662, CVE-2020-12663
- http://www.nxnsattack.com
- openSUSE-SU-2020:0912
Published: 2020-05-19
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-12663
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- openSUSE-SU-2020:0913
- openSUSE-SU-2020:0912
- [oss-security] 20200519 Unbound - CVE-2020-12662, CVE-2020-12663
- [debian-lts-announce] 20210212 [SECURITY] [DLA 2556-1] unbound1.9 security update
- FEDORA-2020-3cfd38fefd
- FEDORA-2020-8e9b62948e
- https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
- FreeBSD-SA-20:19
- USN-4374-1
- DSA-4694
- openSUSE-SU-2020:0913
- DSA-4694
- USN-4374-1
- FreeBSD-SA-20:19
- https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
- FEDORA-2020-8e9b62948e
- FEDORA-2020-3cfd38fefd
- [debian-lts-announce] 20210212 [SECURITY] [DLA 2556-1] unbound1.9 security update
- [oss-security] 20200519 Unbound - CVE-2020-12662, CVE-2020-12663
- openSUSE-SU-2020:0912