Headline

GHSA-crjg-w57m-rqqf: DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks

Impact

Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones.

Patches

Users should upgrade to dnsjava v3.6.0

Workarounds

Although not recommended, only using a non-validating resolver, will remove the vulnerability.

References

https://www.athene-center.de/en/keytrap

4 months ago

ghsa

Open in Source

#vulnerability #dos #git #java #maven

Package

maven dnsjava:dnsjava (Maven)

Affected versions

< 3.6.0

Patched versions

3.6.0

Description

Impact

Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones.

Patches

Users should upgrade to dnsjava v3.6.0

Workarounds

Although not recommended, only using a non-validating resolver, will remove the vulnerability.

References

https://www.athene-center.de/en/keytrap

References

GHSA-crjg-w57m-rqqf
dnsjava/dnsjava@07ac36a
dnsjava/dnsjava@3ddc45c

ibauersachs published to dnsjava/dnsjava

Jul 21, 2024

Published to the GitHub Advisory Database

Jul 22, 2024

Reviewed

Jul 22, 2024

Last updated

Jul 22, 2024

ghsa: Latest News

GHSA-27wf-5967-98gx: Kubernetes kubelet arbitrary command execution

1 day ago

ghsa

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

1 day ago

ghsa

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

1 day ago

ghsa

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

1 day ago

ghsa

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

1 day ago

ghsa