admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-25638.md

20 lines
1015 B
Markdown
Raw Normal View History

Update CVE sources 2024-07-25 21:25
2024-07-25 21:25:12 +00:00
### [CVE-2024-25638](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25638)
![](https://img.shields.io/static/v1?label=Product&message=dnsjava&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%203.6.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-345%3A%20Insufficient%20Verification%20of%20Data%20Authenticity&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-349%3A%20Acceptance%20of%20Extraneous%20Untrusted%20Data%20With%20Trusted%20Data&color=brighgreen)
### Description
dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.
### POC
#### Reference
Update CVE sources 2024-08-05 18:41
2024-08-05 18:41:32 +00:00
- https://github.com/dnsjava/dnsjava/commit/bc51df1c455e6c9fb7cbd42fcb6d62d16047818d
Update CVE sources 2024-07-25 21:25
2024-07-25 21:25:12 +00:00
#### Github
- https://github.com/phax/peppol-commons
- https://github.com/phax/ph-web
Reference in New Issue Copy Permalink