{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"HIGH" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.", "category":"general", "title":"Synopsis" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25638" }, { "summary":"CVE-2024-25638 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/cve/2024/csaf-openeuler-cve-2024-25638.json" }, { "summary":"openEuler-SA-2024-1899", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1899" }, { "summary":"CVE-2024-25638", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-25638&packageName=dnsjava" } ], "title":"openEuler cve CVE-2024-25638", "tracking":{ "initial_release_date":"2024-07-26T20:58:50+08:00", "revision_history":[ { "date":"2024-07-26T20:58:50+08:00", "summary":"Initial", "number":"1.0.0" }, { "date":"2024-08-19T17:35:46+08:00", "summary":"Current version", "number":"2.0.0" } ], "generator":{ "date":"2024-08-19T17:35:46+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2024-08-19T17:35:46+08:00", "id":"CVE-2024-25638", "version":"2.0.0", "status":"interim" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"openEuler-24.03-LTS", "name":"openEuler-24.03-LTS" }, "name":"openEuler-24.03-LTS", "category":"product_version" } ], "category":"product_name" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"dnsjava-3.5.3-2.oe2403.noarch.rpm", "name":"dnsjava-3.5.3-2.oe2403.noarch.rpm" }, "name":"dnsjava-3.5.3-2.oe2403.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"dnsjava-javadoc-3.5.3-2.oe2403.noarch.rpm", "name":"dnsjava-javadoc-3.5.3-2.oe2403.noarch.rpm" }, "name":"dnsjava-javadoc-3.5.3-2.oe2403.noarch.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"dnsjava-3.5.3-2.oe2403.src.rpm", "name":"dnsjava-3.5.3-2.oe2403.src.rpm" }, "name":"dnsjava-3.5.3-2.oe2403.src.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"dnsjava-3.5.3-2.oe2403.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:dnsjava-3.5.3-2.oe2403.noarch", "name":"dnsjava-3.5.3-2.oe2403.noarch as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"dnsjava-javadoc-3.5.3-2.oe2403.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:dnsjava-javadoc-3.5.3-2.oe2403.noarch", "name":"dnsjava-javadoc-3.5.3-2.oe2403.noarch as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"dnsjava-3.5.3-2.oe2403.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:dnsjava-3.5.3-2.oe2403.src", "name":"dnsjava-3.5.3-2.oe2403.src as a component of openEuler-24.03-LTS" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2024-25638", "notes":[ { "text":"dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:dnsjava-3.5.3-2.oe2403.noarch", "openEuler-24.03-LTS:dnsjava-javadoc-3.5.3-2.oe2403.noarch", "openEuler-24.03-LTS:dnsjava-3.5.3-2.oe2403.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:dnsjava-3.5.3-2.oe2403.noarch", "openEuler-24.03-LTS:dnsjava-javadoc-3.5.3-2.oe2403.noarch", "openEuler-24.03-LTS:dnsjava-3.5.3-2.oe2403.src" ], "details":"dnsjava security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1899" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.9, "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:dnsjava-3.5.3-2.oe2403.noarch", "openEuler-24.03-LTS:dnsjava-javadoc-3.5.3-2.oe2403.noarch", "openEuler-24.03-LTS:dnsjava-3.5.3-2.oe2403.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-25638" } ] }