Количество 6
Количество 6
CVE-2025-25188
Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior to versions 0.24.3 and 0.25.0-alpha.5 impacts Hickory DNS users relying on DNSSEC verification in the client library, stub resolver, or recursive resolver. The DNSSEC validation routines treat entire RRsets of DNSKEY records as trusted once they have established trust in only one of the DNSKEYs. As a result, if a zone includes a DNSKEY with a public key that matches a configured trust anchor, all keys in that zone will be trusted to authenticate other records in the zone. There is a second variant of this vulnerability involving DS records, where an authenticated DS record covering one DNSKEY leads to trust in signatures made by an unrelated DNSKEY in the same zone. Versions 0.24.3 and 0.25.0-alpha.5 fix the issue.
CVE-2025-25188
Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior to versions 0.24.3 and 0.25.0-alpha.5 impacts Hickory DNS users relying on DNSSEC verification in the client library, stub resolver, or recursive resolver. The DNSSEC validation routines treat entire RRsets of DNSKEY records as trusted once they have established trust in only one of the DNSKEYs. As a result, if a zone includes a DNSKEY with a public key that matches a configured trust anchor, all keys in that zone will be trusted to authenticate other records in the zone. There is a second variant of this vulnerability involving DS records, where an authenticated DS record covering one DNSKEY leads to trust in signatures made by an unrelated DNSKEY in the same zone. Versions 0.24.3 and 0.25.0-alpha.5 fix the issue.
CVE-2025-25188
DNSSEC validation may accept broken authentication chains
CVE-2025-25188
Hickory DNS is a Rust based DNS client, server, and resolver. A vulner ...
GHSA-37wc-h8xc-5hc4
Hickory DNS's DNSSEC validation may accept broken authentication chains
BDU:2025-01586
Уязвимость функции verify_dnskey_rrset() DNS-клиента Hickory DNS (ранее Trust-DNS), позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-25188 Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior to versions 0.24.3 and 0.25.0-alpha.5 impacts Hickory DNS users relying on DNSSEC verification in the client library, stub resolver, or recursive resolver. The DNSSEC validation routines treat entire RRsets of DNSKEY records as trusted once they have established trust in only one of the DNSKEYs. As a result, if a zone includes a DNSKEY with a public key that matches a configured trust anchor, all keys in that zone will be trusted to authenticate other records in the zone. There is a second variant of this vulnerability involving DS records, where an authenticated DS record covering one DNSKEY leads to trust in signatures made by an unrelated DNSKEY in the same zone. Versions 0.24.3 and 0.25.0-alpha.5 fix the issue. | 0% Низкий | 9 месяцев назад | |
 | CVE-2025-25188 Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior to versions 0.24.3 and 0.25.0-alpha.5 impacts Hickory DNS users relying on DNSSEC verification in the client library, stub resolver, or recursive resolver. The DNSSEC validation routines treat entire RRsets of DNSKEY records as trusted once they have established trust in only one of the DNSKEYs. As a result, if a zone includes a DNSKEY with a public key that matches a configured trust anchor, all keys in that zone will be trusted to authenticate other records in the zone. There is a second variant of this vulnerability involving DS records, where an authenticated DS record covering one DNSKEY leads to trust in signatures made by an unrelated DNSKEY in the same zone. Versions 0.24.3 and 0.25.0-alpha.5 fix the issue. | 0% Низкий | 9 месяцев назад | |
 | CVE-2025-25188 DNSSEC validation may accept broken authentication chains | 0% Низкий | 2 месяца назад | |
| CVE-2025-25188 Hickory DNS is a Rust based DNS client, server, and resolver. A vulner ... | 0% Низкий | 9 месяцев назад | |
| GHSA-37wc-h8xc-5hc4 Hickory DNS's DNSSEC validation may accept broken authentication chains | 0% Низкий | 9 месяцев назад | |
 | BDU:2025-01586 Уязвимость функции verify_dnskey_rrset() DNS-клиента Hickory DNS (ранее Trust-DNS), позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации | CVSS3: 6.5 | 0% Низкий | 9 месяцев назад |
Уязвимостей на страницу