Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 723984 (CVE-2020-12662, CVE-2020-12663)

Summary: <net-dns/unbound-1.10.1: multiple vulnerabilities (CVE-2020-{12662,12663})
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: minor CC: alarig, mschiff, whissi
Priority: Normal Flags: nattka: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2020-05-19 15:05:04 UTC
CVE-2020-12663 (
  Unbound can be tricked into amplifying an incoming query into a large
  number of queries directed to a target.

CVE-2020-12662 (
  Malformed answers from upstream name servers can be used to make Unbound

CVE texts are mixed.
Comment 1 Agostino Sarubbo gentoo-dev 2020-05-21 07:53:57 UTC
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2020-05-21 07:57:37 UTC
arm stable
Comment 3 Agostino Sarubbo gentoo-dev 2020-05-21 07:59:32 UTC
ppc stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-05-21 08:01:22 UTC
ppc64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2020-05-21 08:06:56 UTC
x86 stable
Comment 6 Sam James archtester gentoo-dev Security 2020-05-21 22:55:40 UTC
@maintainer(s), please cleanup
Comment 7 Larry the Git Cow gentoo-dev 2020-05-21 23:09:08 UTC
The bug has been referenced in the following commit(s):

commit cc9d625b6931b268fb3d5cbaa259856fceecb582
Author:     Thomas Deutschmann <>
AuthorDate: 2020-05-21 23:08:50 +0000
Commit:     Thomas Deutschmann <>
CommitDate: 2020-05-21 23:08:50 +0000

    net-dns/unbound: security cleanup
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <>

 net-dns/unbound/Manifest              |   1 -
 net-dns/unbound/unbound-1.10.0.ebuild | 183 ----------------------------------
 2 files changed, 184 deletions(-)