DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks
Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones.
Advisories for Maven/Dnsjava/Dnsjava package
2024
DNSJava DNSSEC Bypass
Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones.
DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources
Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones.