dnsjava:dnsjava@2.0.8 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the dnsjava:dnsjava package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Acceptance of Extraneous Untrusted Data With Trusted Data

Affected versions of this package are vulnerable to Acceptance of Extraneous Untrusted Data With Trusted Data due to missing authentication in DNS responses. An attacker can manipulate DNS records and redirect network traffic or intercept sensitive information by injecting or altering DNS records from different zones in the communication channel.

Note:

This is only exploitable if the application utilizing DNSSEC does not implement additional checks on the relevance of DNS records to the original query.

How to fix Acceptance of Extraneous Untrusted Data With Trusted Data?

Upgrade dnsjava:dnsjava to version 3.6.0 or higher.

[,3.6.0)
  • H
Allocation of Resources Without Limits or Throttling

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when DNSSEC validation is enabled, due to a flaw in the DNSSEC specification. An attacker can flood a resolver with NSEC3 closest encloser proof queries to consume excessive resources and deny service to other users (keytrap).

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade dnsjava:dnsjava to version 3.6.0 or higher.

[,3.6.0)
  • H
Allocation of Resources Without Limits or Throttling

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when DNSSEC validation is enabled, due to a flaw in the DNSSEC specification. An attacker can send traffic from a malicious signed domain that occupies excessive CPU on the target system (keytrap).

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade dnsjava:dnsjava to version 3.6.0 or higher.

[,3.6.0)