CVE-2020-12662
HIGH7.5EPSS 16.1%unbound - security update
Published: 5/19/2020Modified: 4/28/2026
Also known as:ALPINE-CVE-2020-12662DEBIAN-CVE-2020-12662
Description
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
Affected packages (4)
- Alpine/unboundfrom 0, < 1.9.1-r8
- Debian/unboundfrom 0, < 1.10.1-1
- Debian/unboundfrom 0, < 1.9.0-2+deb10u2
- Debian/unbound1.9from 0, < 1.9.0-2+deb10u2~deb9u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |