We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Assigner | GitHub_M |
Reserved | 2024-02-08 |
Published | 2024-07-22 |
Updated | 2024-09-04 |
dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L |
CWE-345: Insufficient Verification of Data Authenticity
CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data
https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw
https://github.com/dnsjava/dnsjava/commit/2073a0cdea2c560465f7ac0cc56f202e6fc39705