Headline

GHSA-crjg-w57m-rqqf: DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks

Impact

Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones.

Patches

Users should upgrade to dnsjava v3.6.0

Workarounds

Although not recommended, only using a non-validating resolver, will remove the vulnerability.

References

https://www.athene-center.de/en/keytrap

3 months ago

ghsa

Open in Source

#vulnerability #dos #git #java #maven

Package

maven dnsjava:dnsjava (Maven)

Affected versions

< 3.6.0

Patched versions

3.6.0

Description

Impact

Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones.

Patches

Users should upgrade to dnsjava v3.6.0

Workarounds

Although not recommended, only using a non-validating resolver, will remove the vulnerability.

References

https://www.athene-center.de/en/keytrap

References

GHSA-crjg-w57m-rqqf
dnsjava/dnsjava@07ac36a
dnsjava/dnsjava@3ddc45c

ibauersachs published to dnsjava/dnsjava

Jul 21, 2024

Published to the GitHub Advisory Database

Jul 22, 2024

Reviewed

Jul 22, 2024

Last updated

Jul 22, 2024

ghsa: Latest News

GHSA-g5vw-3h65-2q3v: Access control vulnerable to user data deletion by anonynmous users

14 hours ago

ghsa

GHSA-3hxg-fxwm-8gf7: CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes

14 hours ago

ghsa

GHSA-82j3-hf72-7x93: Reposilite vulnerable to path traversal while serving javadoc expanded files (arbitrary file read) (`GHSL-2024-074`)

14 hours ago

ghsa

GHSA-29wx-vh33-7x7r: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations

14 hours ago

ghsa

GHSA-7vm6-qwh5-9x44: loona-hpack Panic Vulnerability

14 hours ago

ghsa