Vulnerability DatabaseCVE-2024-25638
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-25638
July 22, 2024
dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.
Affected Packages
dnsjava:dnsjava (JAVA):
Affected version(s) >=1.2.3 <3.6.0
Fix Suggestion:
Update to version 3.6.0
Related ResourcesĀ (4)
https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw
https://github.com/dnsjava/dnsjava
https://github.com/dnsjava/dnsjava/commit/2073a0cdea2c560465f7ac0cc56f202e6fc39705
https://nvd.nist.gov/vuln/detail/CVE-2024-25638
Do you need more information?
Contact Us
CVSS v4
Base Score:
9.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
LOW
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
HIGH
Subsequent System Availability
LOW
CVSS v3
Base Score:
8.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
LOW
Weakness Type (CWE)
Insufficient Verification of Data Authenticity
CWE-345
Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-349
EPSS
Base Score:
0.19