ALPINE-CVE-2020-12662

ALPINE-CVE-2020-12662 PUBLISHED CVSS 7.5 HIGH

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.21	unbound	0, 1.9.6-r0, 1.9.5-r3
Alpine:v3.16	unbound	1.6.4-r0, 1.9.6-r0, 1.9.5-r3
Alpine:v3.13	unbound	1.6.4-r0, 1.9.6-r0, 1.9.5-r3
Alpine:v3.11	unbound	1.4.10-r1, 1.9.6-r0, 1.9.5-r3
Alpine:v3.18	unbound	1.9.6-r0, 0, 1.10.0-r0
Alpine:v3.14	unbound	1.7.3-r0, 0, 1.10.0-r0
Alpine:v3.23	unbound	1.9.1-r1, 1.9.6-r0, 1.9.5-r3
Alpine:v3.22	unbound	0, 1.9.6-r0, 1.9.5-r3
Alpine:v3.9	unbound	1.6.3-r0, 1.6.2-r0, 1.6.1-r1
Alpine:v3.20	unbound	1.4.19-r1, 1.4.19-r0, 1.4.18-r0
Alpine:v3.12	unbound	1.5.7-r0, 1.5.4-r0, 0
Alpine:v3.19	unbound	1.4.13-r2, 0, 1.10.0-r0
Alpine:v3.15	unbound	1.4.17-r0, 1.4.18-r0, 1.4.19-r0
Alpine:v3.10	unbound	1.4.21-r0, 1.4.21-r1, 1.4.22-r0
Alpine:v3.17	unbound	1.10.0-r0, 1.4.10-r0, 1.4.13-r0

Timeline

May 19, 2020 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2020-12662 advisory

Open in Interactive Console →