{
  "threat_severity" : "Important",
  "public_date" : "2020-05-19T00:00:00Z",
  "bugzilla" : {
    "description" : "unbound: amplification of an incoming query into a large number of queries directed to a target",
    "id" : "1837597",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1837597"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-406->CWE-400",
  "details" : [ "Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an \"NXNSAttack\" issue. This is triggered by random subdomains in the NSDNAME in NS records.", "A network amplification vulnerability was found in Unbound, in the way it processes delegation messages from one authoritative zone to another. This flaw allows an attacker to cause a denial of service, or to have Unbound take part in an attack against another DNS server, when Unbound is deployed as a recursive resolver or authoritative name server." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2020-06-22T00:00:00Z",
    "advisory" : "RHSA-2020:2640",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "unbound-0:1.4.20-29.el6_10.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-06-08T00:00:00Z",
    "advisory" : "RHSA-2020:2414",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "unbound-0:1.6.6-4.el7_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Extended Update Support",
    "release_date" : "2020-10-06T00:00:00Z",
    "advisory" : "RHSA-2020:4181",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.7",
    "package" : "unbound-0:1.6.6-2.el7_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-06-08T00:00:00Z",
    "advisory" : "RHSA-2020:2416",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "unbound-0:1.7.3-11.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions",
    "release_date" : "2020-06-08T00:00:00Z",
    "advisory" : "RHSA-2020:2418",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.0",
    "package" : "unbound-0:1.7.3-9.el8_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support",
    "release_date" : "2020-06-08T00:00:00Z",
    "advisory" : "RHSA-2020:2419",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.1",
    "package" : "unbound-0:1.7.3-9.el8_1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-12662\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12662\nhttp://www.nxnsattack.com/\nhttps://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt" ],
  "name" : "CVE-2020-12662",
  "csaw" : false
}