GHSA-crjg-w57m-rqqf: DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks

Impact

Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones.

Patches

Users should upgrade to dnsjava v3.6.0.

Workarounds

Although not recommended, using only a non-validating resolver will remove the vulnerability.

References

https://www.athene-center.de/en/keytrap


Package

dnsjava:dnsjava (Maven)

Affected versions

< 3.6.0

Patched versions

3.6.0
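
An added example (not part of the advisory or the dnsjava project): a Python check that scans `mvn dependency:tree` output for dnsjava:dnsjava versions below 3.6.0 and reports the dependency path that pulls each one in, since the library is often a transitive dependency. The sample tree and its com.example / org.example coordinates are constructed, and treating qualified 3.6.0 builds (such as -SNAPSHOT) as affected is a conservative assumption.

```python
import re

PATCHED = (3, 6, 0)  # from the advisory: affected < 3.6.0, patched in 3.6.0
# Tree node: optional "[INFO] ", tree-drawing indent, then group:artifact:type[:classifier]:version[:scope]
LINE = re.compile(r"^(?:\[INFO\] )?(?P<indent>[|+\\\- ]*)(?P<coord>[^\s:]+(?::[^\s:]+){3,5})")

def is_affected(version):
    """True if version sorts before 3.6.0; unparsable versions are flagged too."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$", version)
    if not m:
        return True
    nums = tuple(int(x or 0) for x in m.group(1, 2, 3))
    # Assumption: qualified builds of 3.6.0 (-SNAPSHOT, -rc1) precede the release.
    return nums < PATCHED or (nums == PATCHED and m.group(4) != "")

def find_affected(tree_text):
    """Return (version, scope, path) for each affected dnsjava:dnsjava node."""
    stack, hits = [], []
    for line in tree_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        depth = len(m.group("indent")) // 3  # each tree level is 3 characters wide
        parts = m.group("coord").split(":")
        del stack[depth:]                    # drop siblings and deeper nodes
        stack.append(":".join(parts[:2]))
        if parts[:2] == ["dnsjava", "dnsjava"] and len(parts) >= 5:
            version, scope = parts[-2], parts[-1]
            if is_affected(version):
                hits.append((version, scope, " -> ".join(stack)))
    return hits

# Constructed sample of `mvn dependency:tree` output for two modules.
SAMPLE_TREE = r"""[INFO] --- maven-dependency-plugin:tree (default-cli) @ app ---
[INFO] com.example:app:jar:1.0.0
[INFO] +- org.example:resolver-lib:jar:2.1.0:compile
[INFO] |  \- dnsjava:dnsjava:jar:3.4.0:compile
[INFO] \- org.slf4j:slf4j-api:jar:2.0.9:compile
[INFO] com.example:tools:jar:1.0.0
[INFO] \- dnsjava:dnsjava:jar:3.6.0:compile
"""

if __name__ == "__main__":
    for version, scope, path in find_affected(SAMPLE_TREE):
        print(f"dnsjava {version} ({scope}) is below 3.6.0: {path}")
```
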


References

  • GHSA-crjg-w57m-rqqf
  • dnsjava/dnsjava@07ac36a
  • dnsjava/dnsjava@3ddc45c

ibauersachs published to dnsjava/dnsjava: Jul 21, 2024
Published to the GitHub Advisory Database: Jul 22, 2024
Reviewed: Jul 22, 2024
Last updated: Jul 22, 2024
