CVE-2020-10772

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2020-10772
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2020-11-27 18:15:00 UTC
Updated2023-11-07 03:14:00 UTC
DescriptionAn incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound.

Risk And Classification

Problem Types: CWE-400

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Nlnetlabs Unbound 1.6.6-5 All All All
Application Nlnetlabs Unbound 1.6.6-5 All All All
Operating System Redhat Enterprise Linux 7.0 All All All
Operating System Redhat Enterprise Linux 7.0 All All All

References

ReferenceSourceLinkTags
1846026 – (CVE-2020-10772) CVE-2020-10772 unbound: incomplete fix for CVE-2020-12662 in RHEL7 MISC bugzilla.redhat.com Issue Tracking, Third Party Advisory
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 377040 Alibaba Cloud Linux Security Update for unbound (ALINUX2-SA-2020:0102)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report