GHSA-mmwx-rj87-vfgr: DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources

Impact

Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones.

Patches

Users should upgrade to dnsjava v3.6.0.

Workarounds

Although not recommended, using only a non-validating resolver removes the vulnerability.

References

https://www.athene-center.de/en/keytrap


Package

dnsjava:dnsjava (Maven)

Affected versions

< 3.6.0

Patched versions

3.6.0
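
To find builds that still resolve an affected release, the sketch below (an added example, not part of the advisory or of dnsjava) scans `mvn dependency:list` output for `dnsjava:dnsjava` below 3.6.0. The sample output is constructed, and treating a qualified 3.6.0 build such as 3.6.0-SNAPSHOT as affected is an assumption.

```python
import re
import sys

# Coordinates and fixed version come from the advisory above.
PACKAGE = "dnsjava:dnsjava"
PATCHED = (3, 6, 0)

# Constructed sample of `mvn dependency:list` output (not from a real build).
SAMPLE = """\
[INFO] --- dependency:list (module-a) ---
[INFO]    dnsjava:dnsjava:jar:3.5.2:compile
[INFO]    org.slf4j:slf4j-api:jar:2.0.9:compile
[INFO] --- dependency:list (module-b) ---
[INFO]    dnsjava:dnsjava:jar:3.6.0:runtime
[INFO] --- dependency:list (module-c) ---
[INFO]    dnsjava:dnsjava:jar:3.6.0-SNAPSHOT:test
"""

def is_affected(version):
    """True if the version is below 3.6.0, the patched release."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)$", version)
    if not m:
        return True  # unparseable version: flag it for manual review
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # pad "3.6" to (3, 6, 0)
    # Assumption: a qualifier on the patched number (3.6.0-SNAPSHOT,
    # 3.6.0-rc1) is a pre-release build and is treated as affected.
    return nums < PATCHED or (nums == PATCHED and bool(m.group(2)))

def find_affected(mvn_output):
    """Return (version, scope) for every affected dnsjava entry."""
    hits = []
    for line in mvn_output.splitlines():
        for token in line.split():
            parts = token.split(":")
            # groupId:artifactId:type[:classifier]:version:scope
            if len(parts) >= 5 and ":".join(parts[:2]) == PACKAGE:
                version, scope = parts[-2], parts[-1]
                if is_affected(version):
                    hits.append((version, scope))
    return hits

if __name__ == "__main__":
    # Usage: mvn dependency:list | python check_dnsjava.py
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    found = find_affected(text)
    for version, scope in found:
        print(f"affected: {PACKAGE}:{version} (scope {scope})")
    sys.exit(1 if found else 0)
```

The script exits non-zero when an affected version is present, so it can gate a CI job; transitive copies of dnsjava show up in the same listing as direct ones.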

References

  • GHSA-mmwx-rj87-vfgr
  • dnsjava/dnsjava@711af79

ibauersachs published to dnsjava/dnsjava: Jul 21, 2024
Published to the GitHub Advisory Database: Jul 22, 2024
Reviewed: Jul 22, 2024
Last updated: Jul 22, 2024
