Description
dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.
A flaw was found in the dnsjava package, a DNS implementation written in the Java language. The dnsjava package does not properly check the relevance of DNS resource records (RRs) to the DNS query being processed, allowing an attacker to respond to the DNS request with RRs from different zones. This issue may lead to data integrity and confidentiality issues for applications, which, due to DNSSEC specifications, might assume the returned RRs are authentic.
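The relevance check described above as missing, sketched as an added example (not dnsjava's code and not the 3.6.0 patch): keep only answer records owned by the query name or by a name reached through a CNAME chain inside the same response. The `RR` type, the function names and the sample records are constructed for illustration; authority and additional sections and DNSSEC signer checks are out of scope.

```python
from typing import NamedTuple

class RR(NamedTuple):
    name: str   # owner name
    rtype: str  # record type, e.g. "A" or "CNAME"
    rdata: str  # address, or the target name for a CNAME

def norm(name: str) -> str:
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.rstrip(".").lower()

def relevant_answers(qname: str, qtype: str, answers: list[RR]) -> list[RR]:
    """Return only the answer RRs that belong to the query."""
    kept, current, seen = [], norm(qname), set()
    while current not in seen:          # 'seen' stops CNAME loops
        seen.add(current)
        at_owner = [rr for rr in answers if norm(rr.name) == current]
        kept += [rr for rr in at_owner if rr.rtype == qtype]
        cnames = [rr for rr in at_owner if rr.rtype == "CNAME"]
        if qtype == "CNAME" or len(cnames) != 1:
            break                       # end of chain, or ambiguous aliasing
        kept.append(cnames[0])
        current = norm(cnames[0].rdata)
    return kept

# Constructed sample response to the query "www.example.com A".
ALIAS = RR("www.example.com.", "CNAME", "host.cdn.example.net.")
ADDR = RR("Host.CDN.example.net.", "A", "192.0.2.10")
UNRELATED = RR("login.example.org.", "A", "203.0.113.66")  # other zone

if __name__ == "__main__":
    for rr in relevant_answers("www.example.com", "A", [UNRELATED, ALIAS, ADDR]):
        print(rr)
```

A caller that caches or trusts only the returned list never stores the record for the unrelated owner name, whatever order the response lists it in.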
Statement
This vulnerability in the dnsjava package is of Important severity due to its potential to undermine the foundational security mechanisms of DNS-based applications. The improper validation of DNS resource records (RRs) allows an attacker to inject records from unauthorized DNS zones, effectively bypassing the integrity checks that DNSSEC is designed to enforce. This flaw not only compromises the authenticity of DNS responses but also opens the door to sophisticated attacks such as DNS cache poisoning and redirection to malicious servers. Red Hat JBoss Enterprise Application Platform 7 and 8 were not affected by this CVE.
Mitigation
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat build of Apache Camel for Spring Boot 3 | dnsjava/dnsjava | Not affected | | |
Red Hat build of Apache Camel for Spring Boot 4 | dnsjava/dnsjava | Not affected | | |
Red Hat Fuse 7 | dnsjava/dnsjava | Will not fix | | |
Red Hat Integration Camel K 1 | dnsjava/dnsjava | Will not fix | | |
Red Hat JBoss Data Grid 7 | dnsjava/dnsjava | Will not fix | | |
Red Hat JBoss Data Grid 7 | org.xbill/dnsjava | Will not fix | | |
Red Hat JBoss Enterprise Application Platform 7 | dnsjava | Not affected | | |
Red Hat JBoss Enterprise Application Platform 8 | dnsjava | Not affected | | |
Red Hat JBoss Enterprise Application Platform Expansion Pack | dnsjava | Not affected | | |
Additional information
Status:
EPSS
8.9 High
CVSS3