UBUNTU-CVE-2024-25638

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-25638

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-25638.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-25638

Related

CVE-2024-25638

Published

2024-07-22T14:15:00Z

Modified

2025-06-03T17:49:17Z

Severity

8.9 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L CVSS Calculator

Summary

[none]

Details

dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.

References

Affected packages

Ubuntu:Pro:16.04:LTS / dnsjava

Package

Name: dnsjava
Purl: pkg:deb/ubuntu/dnsjava@2.1.7+dfsg-1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.7-0.1

2.1.7+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "It requires privilege of the system."
}

Ubuntu:Pro:18.04:LTS / dnsjava

Package

Name: dnsjava
Purl: pkg:deb/ubuntu/dnsjava@2.1.8-2?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.8-1

2.1.8-2

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "It requires privilege of the system."
}

Ubuntu:Pro:20.04:LTS / dnsjava

Package

Name: dnsjava
Purl: pkg:deb/ubuntu/dnsjava@2.1.8-2?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.8-2

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "It requires privilege of the system."
}

Ubuntu:22.04:LTS / dnsjava

Package

Name: dnsjava
Purl: pkg:deb/ubuntu/dnsjava@2.1.8-2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.8-2

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "It requires privilege of the system."
}

Ubuntu:24.10 / dnsjava

Package

Name: dnsjava
Purl: pkg:deb/ubuntu/dnsjava@2.1.8-2?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.8-2

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "It requires privilege of the system."
}

Ubuntu:24.04:LTS / dnsjava

Package

Name: dnsjava
Purl: pkg:deb/ubuntu/dnsjava@2.1.8-2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.8-2

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "It requires privilege of the system."
}

Ubuntu:25.04 / dnsjava

Package

Name: dnsjava
Purl: pkg:deb/ubuntu/dnsjava@3.6.2-2?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.8-2

3.*

3.6.2-1

3.6.2-2

Ecosystem specific

{
    "ubuntu_priority": "low",
    "priority_reason": "It requires privilege of the system."
}