3 matches found
NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses
The NSEC3 closest-encloser proof validation in hickory-net's DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of the SOA owner, terminating only when the current candidate equals the SOA...
NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses
The NSEC3 closest-encloser proof validation in hickory-proto's DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of the SOA owner, terminating only when the current candidate equals the S...
PT-2024-21058 · Dnsjava +2 · Dnsjava +2
Name of the Vulnerable Software and Affected Versions: dnsjava versions prior to 3.6.0 Description: The issue arises from dnsjava not checking the relevance of records in DNS replies to the query, allowing an attacker to respond with records from different zones. This can lead to applications...