Hello everyone, a while ago I asked for guidance concerning a vulnerability I found in a DNS library. Unfortunately I cannot find the message right now, so please excuse the new thread.
The vulnerability now has a CVE and a GitHub Advisory published here:
https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw

I suspect this might be useful feedback to some of you designing DNSSEC validation routines, especially for validating stub resolvers. I have done little research into which other DNS libraries might be affected, but bind and unbound seem fine.

Best,
Thomas

PS: The algorithm in the advisory was copied from somewhere else, so please mentally replace "PTR" with any "QTYPE".

--
```
M.Sc. Thomas Bellebaum
Applied Privacy Technologies
Fraunhofer Institute for Applied and Integrated Security AISEC
Lichtenbergstraße 11, 85748 Garching near Munich (Germany)
Tel. +49 89 32299 86 1039
thomas.belleb...@aisec.fraunhofer.de
https://www.aisec.fraunhofer.de
```

_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org