A flaw was found in unbound in versions prior to 1.10.1. An infinite loop can be created when malformed DNS answers are received from upstream servers. The highest threat from this vulnerability is to system availability.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | unbound | 2020-05-22 20:58 | ALAS-2020-1373 |
Amazon Linux 2 - Core | unbound | 2020-05-19 18:32 | ALAS2-2020-1430 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
NVD | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
NVD | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |