1. Home
  2. CVE Database
  3. CVE-2024-25638
HIGH · 8.9

CVE-2024-25638

dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability ...

Vulnerability Description

dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.

CVSS Score

8.9

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
LOW

Related Weaknesses (CWE)

CWE-349CWE-345

References

FAQ

What is CVE-2024-25638?

CVE-2024-25638 is a vulnerability with a CVSS score of 8.9 (HIGH). dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability ...

How severe is CVE-2024-25638?

CVE-2024-25638 has been rated HIGH with a CVSS base score of 8.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-25638?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.