{
  "threat_severity" : "Important",
  "public_date" : "2020-05-19T00:00:00Z",
  "bugzilla" : {
    "description" : "unbound: infinite loop via malformed DNS answers received from upstream servers",
    "id" : "1837604",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1837604"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-20->CWE-835",
  "details" : [ "Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.", "A flaw was found in unbound in versions prior to 1.10.1. An infinite loop can be created when malformed DNS answers are received from upstream servers. The highest threat from this vulnerability is to system availability." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2020-06-22T00:00:00Z",
    "advisory" : "RHSA-2020:2640",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "unbound-0:1.4.20-29.el6_10.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-06-08T00:00:00Z",
    "advisory" : "RHSA-2020:2414",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "unbound-0:1.6.6-4.el7_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Extended Update Support",
    "release_date" : "2020-10-06T00:00:00Z",
    "advisory" : "RHSA-2020:4181",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.7",
    "package" : "unbound-0:1.6.6-2.el7_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-06-08T00:00:00Z",
    "advisory" : "RHSA-2020:2416",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "unbound-0:1.7.3-11.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions",
    "release_date" : "2020-06-08T00:00:00Z",
    "advisory" : "RHSA-2020:2418",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.0",
    "package" : "unbound-0:1.7.3-9.el8_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support",
    "release_date" : "2020-06-08T00:00:00Z",
    "advisory" : "RHSA-2020:2419",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.1",
    "package" : "unbound-0:1.7.3-9.el8_1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-12663\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12663" ],
  "name" : "CVE-2020-12663",
  "csaw" : false
}