CVE-2020-10772

Summary

An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound.

Affected Software

VendorProductVersion RangeStatus
n/aunboundunbound-1.6.6-5.el7_8affected

Weaknesses

  • CWE-406: CWE-406->CWE-400

ADP Enrichment

CVE Program Container

Additional References

References