OpenCVE

An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nlnetlabs	Unbound
Redhat	Enterprise Linux

Configuration 1 [-]

AND

cpe:2.3:a:nlnetlabs:unbound:1.6.6-5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
unbound-0:1.6.6-5.el7_8	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:2642	2020-06-22T00:00:00Z

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=1846026
https://nvd.nist.gov/vuln/detail/CVE-2020-10772
https://www.cve.org/CVERecord?id=CVE-2020-10772

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-11-27T17:40:05

Updated: 2024-08-04T11:14:15.485Z

Reserved: 2020-03-20T00:00:00

Link: CVE-2020-10772

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-11-27T18:15:11.440

Modified: 2024-11-21T04:56:02.407

Link: CVE-2020-10772

Redhat

Severity : Important

Publid Date: 2020-06-10T00:00:00Z

Links: CVE-2020-10772 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "unbound", "vendor": "n/a", "versions": [{"status": "affected", "version": "unbound-1.6.6-5.el7_8"}]}], "descriptions": [{"lang": "en", "value": "An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-406", "description": "CWE-406->CWE-400", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-11-27T17:40:05", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846026"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-10772", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "unbound", "version": {"version_data": [{"version_value": "unbound-1.6.6-5.el7_8"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-406->CWE-400"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1846026", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846026"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:14:15.485Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846026"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-10772", "datePublished": "2020-11-27T17:40:05", "dateReserved": "2020-03-20T00:00:00", "dateUpdated": "2024-08-04T11:14:15.485Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nlnetlabs:unbound:1.6.6-5:*:*:*:*:*:*:*", "matchCriteriaId": "54EB2AED-8F01-4805-872E-E31BB46FA5D9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound."}, {"lang": "es", "value": "Una correcci\u00f3n incompleta fue entregada para CVE-2020-12662 para Unbound en Red Hat Enterprise Linux versi\u00f3n 7, como parte de la errata de RHSA-2020: 2414. Las versiones vulnerables de Unbound a\u00fan podr\u00edan amplificar una consulta entrante en una gran cantidad de consultas dirigidas a un objetivo, inclusive con un \u00edndice de amplificaci\u00f3n m\u00e1s bajo en comparaci\u00f3n con las versiones de Unbound que se enviaron antes de la errata mencionada. Este problema se trata de la correcci\u00f3n incompleta para el CVE-2020-12662 y no afecta a las versiones anteriores de Unbound"}], "id": "CVE-2020-10772", "lastModified": "2024-11-21T04:56:02.407", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-27T18:15:11.440", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846026"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846026"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-406"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}