Insufficient Verification of Data Authenticity

CVE-2024-25638

High

8.9/10

Summary

The dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability affects the package dnsjava:dnsjava versions prior to 3.6.0.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: LOW

CWE-345 - Insufficient Verification of Data Authenticity

The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References

Advisory
Release Note

Advisory Timeline

Published Jul 22, 2024

Insufficient Verification of Data Authenticity

CVE-2024-25638

Summary

CWE-345 - Insufficient Verification of Data Authenticity

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS