| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| dnsjava:dnsjava | maven | >= 3.5.0, < 3.6.0 | 3.6.0 |
| org.jitsi:dnssecjava | maven | <= 2.0.0 | |

The vulnerability stems from unthrottled processing of DNSSEC records. Before the patch, `ValUtils.verifyNewDNSKEYs` iterated over DS/DNSKEY pairs without any limit, and `DnsSecVerifier.verify` processed all RRSIGs without constraints. When fed maliciously constructed zones, these loops could reach O(n^2) computational complexity, leading to CPU exhaustion. The patches introduced limits (`max_ds_match_failures` and `max_validate_rrsigs`) to these functions; the commit diffs explicitly modify them to add termination conditions, confirming their role in the vulnerability.
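
The effect of such a cap on the DS/DNSKEY loop, as an added example that is not dnsjava's or dnssecjava's code: a simplified model that counts the expensive comparisons with and without a failure budget. The class, the records, `hasTrustedKey`, `maxFailures` and the fail-closed return are hypothetical stand-ins for the limit the paragraph names, and the records are constructed in memory.

```java
import java.util.ArrayList;
import java.util.List;

// Simplified model (assumption: not the library's code or types).
public class BoundedDsMatch {
    record Ds(String digest) {}
    record DnsKey(String material) {}

    // Each increment stands for one digest computation over a DNSKEY.
    static int digestOps = 0;

    // Stand-in for hashing the DNSKEY and comparing it with the DS digest.
    static boolean digestMatches(Ds ds, DnsKey key) {
        digestOps++;
        return ds.digest().equals("digest-of-" + key.material());
    }

    // maxFailures < 0 models the unbounded loop; otherwise the loop stops
    // and reports "no trusted key" once the failure budget is spent.
    static boolean hasTrustedKey(List<Ds> dsSet, List<DnsKey> keys, int maxFailures) {
        int failures = 0;
        for (Ds ds : dsSet) {
            for (DnsKey key : keys) {
                if (digestMatches(ds, key)) {
                    return true;
                }
                if (maxFailures >= 0 && ++failures > maxFailures) {
                    return false; // termination condition: budget exhausted
                }
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed input: n DS and n DNSKEY records, none of which match.
        int n = 200;
        List<Ds> dsSet = new ArrayList<>();
        List<DnsKey> keys = new ArrayList<>();
        for (int i = 0; i < n; i++) {
            dsSet.add(new Ds("unrelated-" + i));
            keys.add(new DnsKey("key-" + i));
        }
        boolean unbounded = hasTrustedKey(dsSet, keys, -1);
        System.out.println("unbounded: trusted=" + unbounded + " digestOps=" + digestOps);
        digestOps = 0;
        boolean bounded = hasTrustedKey(dsSet, keys, 5);
        System.out.println("bounded:   trusted=" + bounded + " digestOps=" + digestOps);
    }
}
```

Without the cap the work grows with the product of the two record counts; with it, the work is fixed by the budget regardless of how many records the response carries.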