Vulnerability Details CVE-2020-10772
An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2020-10772
-
cpe:2.3:a:nlnetlabs:unbound:1.6.6-5
-
cpe:2.3:o:redhat:enterprise_linux:7.0