CVE-2024-25638

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-25638

CGA ID

CGA-hmgx-fgmf-3549

Severity

Unknown

Description

dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.

References

https://images.chainguard.dev/security/CGA-hmgx-fgmf-3549
https://github.com/advisories/GHSA-cfxw-4h78-h7fw
https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw
https://github.com/dnsjava/dnsjava/commit/2073a0cdea2c560465f7ac0cc56f202e6fc39705
https://github.com/dnsjava/dnsjava/commit/bc51df1c455e6c9fb7cbd42fcb6d62d16047818d
https://security-tracker.debian.org/tracker/CVE-2024-25638

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2024-25638

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources