4.2.16.Final
11 years ago
9 days ago
Known vulnerabilities in the io.netty:netty-resolver-dns package. This does not include vulnerabilities belonging to this package’s dependencies.
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to missing validation of the origin of CNAME records in DNS responses within the How to fix Insufficient Verification of Data Authenticity? Upgrade | [,4.1.135.Final)[4.2.0.Final,4.2.15.Final) |
Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers due to the use of a predictable pseudo-random number generator for DNS transaction IDs and a default static UDP source port in the DNS resolution process. An attacker can redirect network traffic or perform man-in-the-middle attacks by spoofing DNS responses. Note: This is only exploitable if the attacker's forged response arrives before the legitimate DNS reply. The timing window is not guaranteed. How to fix Generation of Predictable Numbers or Identifiers? Upgrade | [,4.1.135.Final)[4.2.0.Final,4.2.15.Final) |
Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the How to fix Insufficient Verification of Data Authenticity? Upgrade | [,4.1.135.Final)[4.2.0.Final,4.2.15.Final) |