CVE-2024-25638

CVSS V2 None CVSS V3 None

Description

dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.

Overview

CVE ID
CVE-2024-25638

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2024-07-22T14:05:29.278Z

Last Modified Date
2024-07-22T15:42:13.936Z

Weakness Enumerations

CWE	URL
CWE-345	http://cwe.mitre.org/data/definitions/345.html
CWE-349	http://cwe.mitre.org/data/definitions/349.html

References

Reference URL	Reference Tags
https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw	x_refsource_CONFIRM
https://github.com/dnsjava/dnsjava/commit/bc51df1c455e6c9fb7cbd42fcb6d62d16047818d	x_refsource_MISC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-25638
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25638

History

Created	Old Value	New Value	Data Type	Notes
2024-07-23 13:16:10				Added to TrackCVE