CVE-2024-25638

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-25638

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25638.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-25638

Aliases

GHSA-cfxw-4h78-h7fw

Published

2024-07-22T14:15:04Z

Modified

2024-09-05T01:34:20.684337Z

Summary

[none]

Details

dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.

References

Affected packages

Git / github.com/dnsjava/dnsjava

Affected ranges

Type: GIT
Repo: https://github.com/dnsjava/dnsjava
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2073a0cdea2c560465f7ac0cc56f202e6fc39705

Affected versions

v2.*

v2.1.6

v2.1.7

v2.1.8

v2.1.9

v3.*

v3.0.0

v3.0.0-next.1

v3.0.1

v3.0.2

v3.1.0

v3.2.0

v3.2.1

v3.2.2

v3.3.0

v3.3.1

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.5.0

v3.5.1

v3.5.2

v3.5.3