CVE-2020-10772

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/11/2020
Last modified:
17/06/2026

Description

An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:nlnetlabs:unbound:1.6.6-5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*