CVE Vulnerabilities

CVE-2020-12663

Loop with Unreachable Exit Condition ('Infinite Loop')

Published: May 19, 2020 | Modified: Nov 07, 2023
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
7.5 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
LOW

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name Vendor Start Version End Version
Unbound Nlnetlabs * 1.10.1 (excluding)
Red Hat Enterprise Linux 6 RedHat unbound-0:1.4.20-29.el6_10.1 *
Red Hat Enterprise Linux 7 RedHat unbound-0:1.6.6-4.el7_8 *
Red Hat Enterprise Linux 7.7 Extended Update Support RedHat unbound-0:1.6.6-2.el7_7 *
Red Hat Enterprise Linux 8 RedHat unbound-0:1.7.3-11.el8_2 *
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions RedHat unbound-0:1.7.3-9.el8_0 *
Red Hat Enterprise Linux 8.1 Extended Update Support RedHat unbound-0:1.7.3-9.el8_1 *
Unbound Ubuntu bionic *
Unbound Ubuntu eoan *
Unbound Ubuntu esm-infra-legacy/trusty *
Unbound Ubuntu esm-infra/xenial *
Unbound Ubuntu focal *
Unbound Ubuntu trusty *
Unbound Ubuntu trusty/esm *
Unbound Ubuntu upstream *
Unbound Ubuntu xenial *

References