CVE-2020-12662 - Uncontrolled Recursion

Severity

75%

Complexity

39%

Confidentiality

60%

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

CVSS 3.1 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 4 years ago

2020-05-19 14:15:00

Last updated 4 years ago

2020-07-08 23:15:00

Affected Software

NLnet Labs Unbound

References

http://www.nxnsattack.com

[oss-security] 20200519 Unbound - CVE-2020-12662, CVE-2020-12663

https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt

http://www.nxnsattack.com

Technical Description

[oss-security] 20200519 Unbound - CVE-2020-12662, CVE-2020-12663

Mailing List, Patch, Third Party Advisory

https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt

Vendor Advisory

FEDORA-2020-3cfd38fefd

FEDORA-2020-8e9b62948e

DSA-4694

https://www.synology.com/security/advisory/Synology_SA_20_12

USN-4374-1

openSUSE-SU-2020:0913

openSUSE-SU-2020:0912

https://security.netapp.com/advisory/ntap-20200702-0006/

FreeBSD-SA-20:19

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.