ALAS-2020-1373 --- unboundID: oval:org.secpod.oval:def:1601142 | Date: (C)2020-06-11 (M)2023-11-10 |
Class: PATCH | Family: unix |
A network amplification vulnerability was found in Unbound, in the way it processes delegation messages from one authoritative zone to another. This flaw allows an attacker to cause a denial of service or be part of an attack against another DNS server when Unbound is deployed as a recursive resolver or authoritative name server.Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
Platform: |
Amazon Linux AMI |