VDB
CVE-2020-10995
CVE-2020-10995
PUBLISHED
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue.
EPSS 0.13% · 31.4th percentile
Risk Scores
EPSS Score
0.13%
31.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:20.04:LTS | pdns-recursor | 0, 4.2.1-1build1, 4.2.1-1ubuntu0.1~esm1 |
| Ubuntu:Pro:16.04:LTS | pdns-recursor | 0, 3.7.3-1, 4.0.0~alpha1-2 |
| Ubuntu:Pro:18.04:LTS | pdns-recursor | 4.0.6-1build1, 4.0.6-1, 4.1.1-2 |
Exploit Intelligence
- CIRCL seen: CVE-2020-10995 (circl-sighting)
- http://www.nxnsattack.com (circl)
- https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html (circl)
- DSA-4691 (circl)
- openSUSE-SU-2020:0698 (circl)
- FEDORA-2020-d9abb0c06d (circl)
- FEDORA-2020-c0ff3df740 (circl)
Timeline
- May 19, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-10995 third-party-advisory
- https://www.openwall.com/lists/oss-security/2020/05/19/3 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-10995 third-party-advisory