GHSA-crjg-w57m-rqqf: DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks
Users of the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones.
References
- github.com/advisories/GHSA-8459-gg55-8qjj
- github.com/advisories/GHSA-crjg-w57m-rqqf
- github.com/dnsjava/dnsjava
- github.com/dnsjava/dnsjava/commit/07ac36a11578cc1bce0cd8ddf2fe568f062aee78
- github.com/dnsjava/dnsjava/commit/3ddc45ce8cdb5c2274e10b7401416f497694e1cf
- github.com/dnsjava/dnsjava/security/advisories/GHSA-crjg-w57m-rqqf
- nvd.nist.gov/vuln/detail/CVE-2023-50387