CVE-2024-25638

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-25638

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25638.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-25638

Aliases

GHSA-cfxw-4h78-h7fw

Related

UBUNTU-CVE-2024-25638

Published

2024-07-22T14:15:04Z

Modified

2024-10-08T04:04:57.259130Z

Summary

[none]

Details

dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.

References

Affected packages

Debian:11 / dnsjava

Package

Name: dnsjava
Purl: pkg:deb/debian/dnsjava?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.8-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / dnsjava

Package

Name: dnsjava
Purl: pkg:deb/debian/dnsjava?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.8-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/dnsjava/dnsjava

Affected ranges

Type: GIT
Repo: https://github.com/dnsjava/dnsjava
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2073a0cdea2c560465f7ac0cc56f202e6fc39705

Affected versions

v2.*

v2.1.6

v2.1.7

v2.1.8

v2.1.9

v3.*

v3.0.0

v3.0.0-next.1

v3.0.1

v3.0.2

v3.1.0

v3.2.0

v3.2.1

v3.2.2

v3.3.0

v3.3.1

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.5.0

v3.5.1

v3.5.2

v3.5.3