CVE-2024-25638
DNSJava DNSSEC Bypass
8.9 HIGH (CVSS 3.1), EPSS 0.19%
Description
dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.
How to fix CVE-2024-25638
To remediate CVE-2024-25638, upgrade the affected package to one of the fixed versions listed below.
- Debian/dnsjava—no fix listed
- —upgrade to 3.6.0 or later
Is CVE-2024-25638 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0
- from 0, < 3.6.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L |
| osv | CVSS 3.1 | HIGH 8.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L |