/

Directory Security Advisories Pricing

Security Advisories

GHSA-crjg-w57m-rqqf

Published

Last updated

https://github.com/advisories/GHSA-crjg-w57m-rqqf

Severity

Unknown

Summary

DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks

Description

Impact

Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones.

Patches

Users should upgrade to dnsjava v3.6.0

Workarounds

Although not recommended, only using a non-validating resolver, will remove the vulnerability.

References

https://www.athene-center.de/en/keytrap

References

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

© 2025 Chainguard. All Rights Reserved.

Products

Chainguard Containers Chainguard Libraries Chainguard VMs

Why Chainguard

FedRAMP PCI CVE Remediation Golden Images

Customers

Customer Stories Chainguard Love

Company

About Us Pricing Contact Us Open Source Careers Newsroom Legal

Resources

Unchained Blog Events Trust Center Documentation