The fix for CVE-2020-12662 as shipped in Red Hat Enterprise Linux 7 (with version 1.6.6-4.el7_8 of Unbound delivered with https://access.redhat.com/errata/RHSA-2020:2414) is not complete and it still allows amplification of an incoming query into a bigger number of queries directed to a target. This issue is about the incomplete fix for CVE-2020-12662 and it does not affect upstream versions of unbound.
For more details about the original issue, refer to bug 1837597.
Even though the original fix for CVE-2020-12662 was incomplete, it slightly improved the situation over an unpatched version of Unbound, reducing the amplification ratio of a possible attack.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:2642 https://access.redhat.com/errata/RHSA-2020:2642
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):