Bug 2299292 (CVE-2024-25638)
| Summary: | CVE-2024-25638 dnsjava: Improper response validation allowing DNSSEC bypass | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | asoldano, bbaranow, bmaxwell, brian.stansberry, cdewolf, chazlett, cmiranda, darran.lofthouse, dkreling, dosoudil, fjuma, fmariani, gmalinko, istudens, ivassile, iweiss, janstey, jpoth, kaycoth, kholdawa, lgao, mosmerov, msochure, mstefank, msvehla, nwallace, pcongius, pdelbell, pjindal, pmackay, rstancel, rstepani, smaestri, tcunning, tom.jenkinson, yfang |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in the dnsjava package, a DNS implementation written in the Java language. The dnsjava package does not properly check the DNS resource records (RR) relevancy to the DNS query being processed, allowing an attacker to respond to the DNS request with RRs from different zones. This issue may lead to data integrity and confidentiality issues for applications, which due to DNSSEC specifications, might assume the returned RRs are authentic.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2024-07-22 14:20:59 UTC
|