6.5
CVSS V3
DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources
Users using the ValidatingResolver
for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones.
Users should upgrade to dnsjava v3.6.0
Although not recommended, only using a non-validating resolver, will remove the vulnerability.