CVE-2024-25638: DNSJava DNSSEC Bypass

July 22, 2024

Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones.

References

github.com/advisories/GHSA-cfxw-4h78-h7fw
github.com/dnsjava/dnsjava
github.com/dnsjava/dnsjava/commit/bc51df1c455e6c9fb7cbd42fcb6d62d16047818d
github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw
nvd.nist.gov/vuln/detail/CVE-2024-25638

Code Behaviors & Features

Detect and mitigate CVE-2024-25638 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →