CVE-2024-25638

2024-07-2200:00:00

ubuntu.com

cve-2024-25638

dns

java

privilege

system

unix

vulnerability

CVSS3

8.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

AI Score

6.8

Confidence

Low

JSON

dnsjava is an implementation of DNS in Java. Records in DNS replies are not
checked for their relevance to the query, allowing an attacker to respond
with RRs from different zones. This vulnerability is fixed in 3.6.0.

Notes

Author	Note
	Priority reason: It requires privilege of the system.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchdnsjava< anyUNKNOWN
ubuntu20.04noarchdnsjava< anyUNKNOWN
ubuntu22.04noarchdnsjava< anyUNKNOWN
ubuntu24.04noarchdnsjava< anyUNKNOWN
ubuntu16.04noarchdnsjava< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	dnsjava	< any	UNKNOWN
ubuntu	20.04	noarch	dnsjava	< any	UNKNOWN
ubuntu	22.04	noarch	dnsjava	< any	UNKNOWN
ubuntu	24.04	noarch	dnsjava	< any	UNKNOWN
ubuntu	16.04	noarch	dnsjava	< any	UNKNOWN