CVE-2024-25638

high

Description

dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.

References

https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw

https://github.com/dnsjava/dnsjava/commit/bc51df1c455e6c9fb7cbd42fcb6d62d16047818d

Details

Source: Mitre, NVD

Published: 2024-07-22

Updated: 2024-07-24

Risk Information

CVSS v2

Base Score: 7.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:P

Severity: High

CVSS v3

Base Score: 8.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L