CVE-2024-25638

HIGH

dnsjava <3.6.0 - DNS Response Record Validation Bypass

Title source: manual

Description

dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.

References (3)

Core 3

Core References

Patch

https://github.com/dnsjava/dnsjava/commit/bc51df1c455e6c9fb7cbd42fcb6d62d16047818d

View Patch ZIP pw:eip

Vendor Advisory x_refsource_confirm

https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw

Patch x_refsource_misc

https://github.com/dnsjava/dnsjava/commit/2073a0cdea2c560465f7ac0cc56f202e6fc39705

View Patch ZIP pw:eip

Scores

CVSS v3 8.9

EPSS 0.0039

EPSS Percentile 30.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-345 CWE-349

Status published

Products (2)

dnsjava/dnsjava 0 - 3.6.0Maven

dnsjava/dnsjava < 3.6.0

Published Jul 22, 2024

Tracked Since Feb 18, 2026