Описание
dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| dnsjava | fixed | 3.6.2-1 | package | |
| dnsjava | no-dsa | bookworm | package | |
| dnsjava | no-dsa | bullseye | package |
Примечания
https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw
https://github.com/dnsjava/dnsjava/commit/2073a0cdea2c560465f7ac0cc56f202e6fc39705 (v3.6.0)
EPSS
Связанные уязвимости
dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.
dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.
dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.
Уязвимость реализации DNS Java dnsjava, связанная с недостаточной проверкой подлинности данных, позволяющая нарушителю обойти ограничения безопасности
EPSS