Lucene search

Unbound Security Vulnerabilities - 2020

cve

CVE-2020-10772

An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to ...

7.5CVSS

7.4AI Score

0.011EPSS

2020-11-27 06:15 PM

231

cve

CVE-2020-12662

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

7.5CVSS

7.5AI Score

0.011EPSS

2020-05-19 02:15 PM

240

cve

CVE-2020-12663

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.

7.5CVSS

7.5AI Score

0.019EPSS

2020-05-19 02:15 PM

185

cve

CVE-2020-28935

NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writi...

5.5CVSS

6.2AI Score

0.0004EPSS

2020-12-07 10:15 PM

282