Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DNSSEC validation may accept broken authentication chains
Vulnerability Description
Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior to versions 0.24.3 and 0.25.0-alpha.5 impacts Hickory DNS users relying on DNSSEC verification in the client library, stub resolver, or recursive resolver. The DNSSEC validation routines treat entire RRsets of DNSKEY records as trusted once they have established trust in only one of the DNSKEYs. As a result, if a zone includes a DNSKEY with a public key that matches a configured trust anchor, all keys in that zone will be trusted to authenticate other records in the zone. There is a second variant of this vulnerability involving DS records, where an authenticated DS record covering one DNSKEY leads to trust in signatures made by an unrelated DNSKEY in the same zone. Versions 0.24.3 and 0.25.0-alpha.5 fix the issue.
CVSS Information
N/A
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
Hickory DNS 数据伪造问题漏洞
Vulnerability Description
Hickory DNS是Hickory DNS开源的一个基于 Rust 的 DNS 客户端、服务器和解析器。 Hickory DNS 0.8.0及之前版本存在数据伪造问题漏洞,该漏洞源于DNSSEC验证机制错误地将整个RRsets中的DNSKEY记录视为可信,且DS记录验证存在逻辑缺陷。
CVSS Information
N/A
Vulnerability Type
N/A