ALAS2-2020-1463 --- unboundID: oval:org.secpod.oval:def:1700363 | Date: (C)2020-07-22 (M)2023-11-13 |
Class: PATCH | Family: unix |
An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020-2414 . Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662 , and it does not affect upstream versions of Unbound