CVE-2024-25638

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-25638

Severity

8.9

High

CVSS V3

Summary

DNSJava DNSSEC Bypass

Description

dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.

References

https://images.chainguard.dev/security/CGA-q59c-5jjp-7wcw
https://github.com/advisories/GHSA-cfxw-4h78-h7fw
https://images.chainguard.dev/security/CGA-8jjf-fchm-77wg
https://images.chainguard.dev/security/CGA-7prm-hc7p-gr4j
https://images.chainguard.dev/security/CGA-4hjr-7hmf-gfp2
https://images.chainguard.dev/security/CGA-j867-wmqq-6jmv
https://images.chainguard.dev/security/CGA-4vv6-6qr8-cx4p
https://images.chainguard.dev/security/CGA-hmgx-fgmf-3549
https://images.chainguard.dev/security/CGA-24m2-5jg5-pwpw
https://images.chainguard.dev/security/CGA-rj77-p9x4-qgmq
https://images.chainguard.dev/security/CGA-wf44-r5r7-gv7f
https://images.chainguard.dev/security/CGA-j3g8-6h22-9mmm
https://images.chainguard.dev/security/CGA-j7rj-cmgh-cqrx
https://images.chainguard.dev/security/CGA-7q55-p2cv-jx55
https://images.chainguard.dev/security/CGA-x6hg-7m8w-2fvw
https://github.com/dnsjava/dnsjava/commit/2073a0cdea2c560465f7ac0cc56f202e6fc39705
https://github.com/dnsjava/dnsjava/commit/bc51df1c455e6c9fb7cbd42fcb6d62d16047818d
https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2024-25638

Severity

Summary

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company