{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an \"NXNSAttack\" issue. This is triggered by random subdomains in the NSDNAME in NS records."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-12T18:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt"}, {"tags": ["x_refsource_MISC"], "url": "http://www.nxnsattack.com"}, {"name": "[oss-security] 20200519 Unbound - CVE-2020-12662, CVE-2020-12663", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2020/05/19/5"}, {"name": "FEDORA-2020-3cfd38fefd", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/"}, {"name": "DSA-4694", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4694"}, {"name": "FEDORA-2020-8e9b62948e", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.synology.com/security/advisory/Synology_SA_20_12"}, {"name": "USN-4374-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4374-1/"}, {"name": "openSUSE-SU-2020:0912", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html"}, {"name": "openSUSE-SU-2020:0913", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200702-0006/"}, {"name": "FreeBSD-SA-20:19", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc"}, {"name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2556-1] unbound1.9 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12662", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an \"NXNSAttack\" issue. This is triggered by random subdomains in the NSDNAME in NS records."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt", "refsource": "CONFIRM", "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt"}, {"name": "http://www.nxnsattack.com", "refsource": "MISC", "url": "http://www.nxnsattack.com"}, {"name": "[oss-security] 20200519 Unbound - CVE-2020-12662, CVE-2020-12663", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/05/19/5"}, {"name": "FEDORA-2020-3cfd38fefd", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/"}, {"name": "DSA-4694", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4694"}, {"name": "FEDORA-2020-8e9b62948e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/"}, {"name": "https://www.synology.com/security/advisory/Synology_SA_20_12", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_20_12"}, {"name": "USN-4374-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4374-1/"}, {"name": "openSUSE-SU-2020:0912", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html"}, {"name": "openSUSE-SU-2020:0913", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html"}, {"name": "https://security.netapp.com/advisory/ntap-20200702-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200702-0006/"}, {"name": "FreeBSD-SA-20:19", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc"}, {"name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2556-1] unbound1.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:04:22.549Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.nxnsattack.com"}, {"name": "[oss-security] 20200519 Unbound - CVE-2020-12662, CVE-2020-12663", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2020/05/19/5"}, {"name": "FEDORA-2020-3cfd38fefd", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/"}, {"name": "DSA-4694", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4694"}, {"name": "FEDORA-2020-8e9b62948e", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.synology.com/security/advisory/Synology_SA_20_12"}, {"name": "USN-4374-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4374-1/"}, {"name": "openSUSE-SU-2020:0912", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html"}, {"name": "openSUSE-SU-2020:0913", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200702-0006/"}, {"name": "FreeBSD-SA-20:19", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc"}, {"name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2556-1] unbound1.9 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12662", "datePublished": "2020-05-19T13:50:18", "dateReserved": "2020-05-05T00:00:00", "dateUpdated": "2024-08-04T12:04:22.549Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "5ABD5553-FB9A-4465-836C-2031C04730C9", "versionEndExcluding": "1.10.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an \"NXNSAttack\" issue. This is triggered by random subdomains in the NSDNAME in NS records."}, {"lang": "es", "value": "Unbound versiones anteriores a 1.10.1, presenta un Control Insuficiente del Volumen de Mensajes de Red, tambi\u00e9n se conoce como un problema de \"NXNSAttack\". Esto es activado por subdominios aleatorios en NSDNAME en registros NS."}], "id": "CVE-2020-12662", "lastModified": "2023-11-07T03:15:42.370", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-19T14:15:11.190", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html"}, {"source": "cve@mitre.org", "tags": ["Technical Description"], "url": "http://www.nxnsattack.com"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/05/19/5"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200702-0006/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4374-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4694"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/security/advisory/Synology_SA_20_12"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:2640", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "unbound-0:1.4.20-29.el6_10.1", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2414", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "unbound-0:1.6.6-4.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-06-08T00:00:00Z"}, {"advisory": "RHSA-2020:4181", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "unbound-0:1.6.6-2.el7_7", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2020-10-06T00:00:00Z"}, {"advisory": "RHSA-2020:2416", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "unbound-0:1.7.3-11.el8_2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-06-08T00:00:00Z"}, {"advisory": "RHSA-2020:2418", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "unbound-0:1.7.3-9.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-06-08T00:00:00Z"}, {"advisory": "RHSA-2020:2419", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "unbound-0:1.7.3-9.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-06-08T00:00:00Z"}], "bugzilla": {"description": "unbound: amplification of an incoming query into a large number of queries directed to a target", "id": "1837597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837597"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-406->CWE-400", "details": ["Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an \"NXNSAttack\" issue. This is triggered by random subdomains in the NSDNAME in NS records.", "A network amplification vulnerability was found in Unbound, in the way it processes delegation messages from one authoritative zone to another. This flaw allows an attacker to cause a denial of service or be part of an attack against another DNS server when Unbound is deployed as a recursive resolver or authoritative name server."], "name": "CVE-2020-12662", "public_date": "2020-05-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-12662\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12662\nhttp://www.nxnsattack.com/\nhttps://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt"], "threat_severity": "Important", "upstream_fix": "unbound 1.10.1"}