Products
dnsjava
- before 3.6.0
Source
security-advisories@github.com
Tags
CVE-2024-25638 details
Published : July 22, 2024, 2:15 p.m.
Last Modified : July 22, 2024, 2:15 p.m.
Last Modified : July 22, 2024, 2:15 p.m.
Description
dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8.9 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-345 | Insufficient Verification of Data Authenticity | The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
Base Score
8.9
Exploitability Score
2.2
Impact Score
6.0
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
References
URL | Source |
---|---|
https://github.com/dnsjava/dnsjava/commit/bc51df1c455e6c9fb7cbd42fcb6d62d16047818d | security-advisories@github.com |
https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw | security-advisories@github.com |
This website uses the NVD API, but is not approved or certified by it.