CVE-2024-25638

high

Description

dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.

References

https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw

https://github.com/dnsjava/dnsjava/commit/2073a0cdea2c560465f7ac0cc56f202e6fc39705

Details

Source: Mitre, NVD

Published: 2024-07-22

Updated: 2024-09-04

Risk Information

CVSS v2

Base Score: 7.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:P

Severity: High

CVSS v3

Base Score: 8.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L