#VU97732 Insufficient verification of data authenticity in dnsjava - CVE-2024-25638

 


Published: September 26, 2024


Vulnerability identifier: #VU97732
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-25638
CWE-ID: CWE-345
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
dnsjava
Software vendor:
dnsjava

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper response validation when handling DNS queries. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. A remote attacker can bypass DNSSEC restrictions.
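The relevance check described above can take the following form. This is an added example, not dnsjava's code or the vendor's patch. The `RR` record and `relevantAnswers` method are hypothetical names, the sample records are constructed, and the model is simplified: it follows CNAME chains only and ignores DNAME and RRSIG handling.

```java
import java.util.*;

public class AnswerRelevanceCheck {
    // Simplified resource-record model (hypothetical, not dnsjava's Record class).
    record RR(String owner, String type, String rdata) {}

    // DNS names compare case-insensitively; normalise to lower case with a trailing dot.
    static String norm(String name) {
        String n = name.toLowerCase(Locale.ROOT);
        return n.endsWith(".") ? n : n + ".";
    }

    /**
     * Keeps only answer records that belong to the question: records owned by the
     * query name, or by a name reached from it through a CNAME chain that is itself
     * present in the answer section. Everything else is treated as unrelated.
     */
    static List<RR> relevantAnswers(String qname, String qtype, List<RR> answers) {
        List<RR> kept = new ArrayList<>();
        Set<String> seen = new HashSet<>();      // guards against CNAME loops
        String current = norm(qname);
        while (seen.add(current)) {
            String next = null;
            for (RR rr : answers) {
                if (!norm(rr.owner()).equals(current)) continue;
                if (rr.type().equals(qtype)) {
                    kept.add(rr);                // direct answer for the current name
                } else if (rr.type().equals("CNAME")) {
                    kept.add(rr);                // alias: continue at its target
                    next = norm(rr.rdata());
                }
            }
            if (next == null) break;
            current = next;
        }
        return kept;
    }

    public static void main(String[] args) {
        // Constructed sample reply to the query "www.example.com A".
        List<RR> answers = List.of(
            new RR("www.example.com.", "CNAME", "host.example.net."),
            new RR("host.example.net.", "A", "192.0.2.10"),
            new RR("login.example.org.", "A", "203.0.113.66")); // owner unrelated to the query
        List<RR> kept = relevantAnswers("WWW.example.com", "A", answers);
        kept.forEach(System.out::println);
        System.out.println("dropped " + (answers.size() - kept.size()) + " unrelated record(s)");
    }
}
```

With the constructed input, the CNAME and the A record for its target are kept, and the `login.example.org.` record is dropped because no name in the chain from the question leads to it.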


Remediation

Install updates from vendor's website.

External links