CVE-2020-12663

high-risk

Published 2020-05-19

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.

Do I need to act?

9.1% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Unbound

Debian Linux

Leap

Ubuntu Linux

Fedora

Debian Canonical Fedoraproject Opensuse Nlnetlabs

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html

Mailing List http://www.openwall.com/lists/oss-security/2020/05/19/5

Mailing List https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html

Vendor Advisory https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt

Third Party Advisory https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc

Third Party Advisory https://usn.ubuntu.com/4374-1/

Third Party Advisory https://www.debian.org/security/2020/dsa-4694

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html

Mailing List http://www.openwall.com/lists/oss-security/2020/05/19/5

Mailing List https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html

Vendor Advisory https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt

Third Party Advisory https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc

Third Party Advisory https://usn.ubuntu.com/4374-1/

Third Party Advisory https://www.debian.org/security/2020/dsa-4694

/ 100

high-risk

Severity 26/34 · High

Exploitability 10/34 · Low

Exposure 16/34 · Moderate