VDB
DEBIAN-CVE-2024-25638
DEBIAN-CVE-2024-25638
PUBLISHED
CVSS 8.899999618530273 HIGH
dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.
Risk Scores
CVSS 3.1
8.899999618530273
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | dnsjava | 3.6.3-1, 3.6.2-1, 3.6.2-2 |
| Debian:14 | dnsjava | 0, 0 |
| Debian:11 | dnsjava | 3.6.2-1, 3.6.2-2, 3.6.3-1 |
| Debian:13 | dnsjava | 0, 0 |
Exploit Intelligence
- workflow-pinning-gate.mjs (github-poc)
- truth-gates.mjs (github-poc)
Timeline
- Jul 22, 2024 CVE Published
- Apr 28, 2026 CVE Updated