unbound: Multiple vulnerabilities (CVE-2020-12662, CVE-2020-12663)
CVE-2020-12662: Unbound can be tricked into amplifying an incoming query into a large number of queries directed to a target.
Affected Versions:
All version of Unbound up to and including 1.10.0
References:
- https://www.openwall.com/lists/oss-security/2020/05/19/5
- https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
CVE-2020-12663: Malformed answers from upstream name servers can be used to make Unbound unresponsive.
Affected Versions:
All version of Unbound up to and including 1.10.0
References:
- https://www.openwall.com/lists/oss-security/2020/05/19/5
- https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
Affected branches:
-
master -
3.11-stable -
3.10-stable -
3.9-stable -
3.8-stable
Edited by Leo