CVE-2020-12662
unbound - security update
CVSS 3.1: 7.5 (HIGH)
EPSS: 16.1%
Description
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
How to fix CVE-2020-12662
To remediate CVE-2020-12662, upgrade the affected package to one of the fixed versions listed below.
- Alpine/unbound—upgrade to 1.9.1-r8 or later
- Debian/unbound—upgrade to 1.10.1-1 or later
- —upgrade to 1.9.0-2+deb10u2 or later
- —upgrade to 1.9.0-2+deb10u2~deb9u1 or later
Is CVE-2020-12662 being exploited?
Moderate — EPSS is 16.1%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (4)
- from 0, < 1.9.1-r8
- from 0, < 1.10.1-1
- from 0, < 1.9.0-2+deb10u2
- from 0, < 1.9.0-2+deb10u2~deb9u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |