[DNSOP] Potentially interesting DNSSEC library CVE

"Bellebaum, Thomas" <thomas.bellebaum@aisec.fraunhofer.de> Tue, 23 July 2024 09:41 UTC

Return-Path: <thomas.bellebaum@aisec.fraunhofer.de>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93DC5C14F69C for <dnsop@ietfa.amsl.com>; Tue, 23 Jul 2024 02:41:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.007
X-Spam-Level:
X-Spam-Status: No, score=-7.007 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=aisec.fraunhofer.de header.b="KtC/WhJg"; dkim=pass (1024-bit key) header.d=fraunhofer.onmicrosoft.com header.b="BY1/qC1G"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CdqYQ-0z0eHX for <dnsop@ietfa.amsl.com>; Tue, 23 Jul 2024 02:41:43 -0700 (PDT)
Received: from mail-edgeMUC220.fraunhofer.de (mail-edgemuc220.fraunhofer.de [192.102.154.220]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E390BC14F697 for <dnsop@ietf.org>; Tue, 23 Jul 2024 02:41:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de; q=dns/txt; s=emailbd1; t=1721727703; x=1753263703; h=from:to:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=ApkE139Sjq0yBAJqP8Xg22EYnt0YxcYEA9w/o5lQRFM=; b=KtC/WhJgHV3357qYSrWU13L6v9FbwxPWpOlCezYHvJDXnbh3FVEvpi8k 1gVc2msi5pRIoXO2Rvk/GRAeFR2r5z/xX8G/PA1Mk57zgcCEiUaoNgEDn 7OpbkSyFwD27fcv1XCH7zm/NEufmbSJrMtBwx2yHGIpCGjcrQKnROB1c6 iqgXkrOliZfcaXFY06wDQnxn7dlrFEOj8mtKb+9VMyufP6y9VLQEv7aV5 EhVrtFENPAnTQSVISZ/x4K9wePuE4ovEcowFq0LZ67pRVeOXgopCuSD1I sMYKhya/QOxHszqJliYcLiS3fhUjFfLK7GejWbAHoffJzU0s+0lSx2C7k A==;
X-CSE-ConnectionGUID: H6JODAujRoCoDZNW+xfcMw==
X-CSE-MsgGUID: wF2kc0cESWWT1JSli8ZcMw==
Authentication-Results: mail-edgeMUC220.fraunhofer.de; dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com
X-IPAS-Result: A2GxLAAJep9m/3KjZsBagQmBT4JEegKBZAOEU5VhmEYqgSyBJQMYFigPAQEBAQEBAQEBBwEBOwkEAQEDBIQ5RhiJISc0CQ4BAgEDAQEBAQMCAwEBAQEBAQEBAQUBAQYBAQEBAQEGBwKBHYUvRgEMgniBEmMIOwEBAQEBAQEBAQEBAQEBAQEBAQEBAQETAggFGQ82SREMAQE4EQEiAiYCBC8VEgQTgwGCMAMxFK4YgTKBAYIMAQEGgmbYPhiCRAkJAYEQLoNugQWDLhoBb22EKoRHggxDgRU1hhQCgXWDRoJpiAoBkUOEKlcPglyDehcmC4EbjEIJgUYcA1khEwFVExcLPh0CFgMbFAQwDwkLJikGOQISDAYGBlkyCQQjAwgEA0IDIHERAwQaBAsHcgWDJQQTRgENgSqJXYMxghiEG4UwgWsMYYd2gXGBPoFgSoEZgWVLhVAdQAMLbT01FBtDqhyEHYEfgiwllmuvDQMEA4IzgWEFjA2VPTOEBY0AhkSSc5hsII1YlUKFKQIEAgQFAg8IgWeCFnGDNglJGQ+SGzOGAMVKeAILLgIHAQoBAQMJiHAtgU8BAQ
IronPort-PHdr: A9a23:Pppp1BLrsWZQix5OH9mcuDVnWUAX0o4cQyYLv8N0w7sbaL+quo/iN RaCu6YlhwrTUIHS+/9IzPDbt6nwVGBThPTJvCUMapVRUR8Ch8gM2QsmBc+OE0rgK/D2KSc9G ZcKTwp+8nW2OlRSApy7aUfbv3uy6jAfAFD4Mw90Lf7yAYnck4G80OXhnv+bY1Bmnj24M597M BjklhjbtMQdndlHJ70qwxTE51pkKc9Rw39lI07Wowfk65WV3btOthpdoekg8MgSYeDfROEVX bdYBTIpPiUO6cvnuAPqYSCP63AfAQB02hBIViHd7zyjBcbKsDKip8BU+jCibf35F+oZaDK+t 5Z7Qy7FoXYYcDlk9FjtpOkl38c56Bj0jS0mhJf/Oa6XZfhUbP3aYNZBfmsYRONjTHZeGd2aQ aEUSOYtZ892nrjUixwjtCOuL1WHWLn3wz8ThljXmrwh3/YGNw+W7j58PoJVuiTog/rbFfgdd NmQxYbTkxyZfc9R6ROtr9PydzUzh8msVuJebeH36GM/Eib+iWSgm4DbJ2+z08s8t2y8zeVvD KX/lSkji1FAhQOxmc4JhaXEn5gT00rY/hh6h7w8L56JHR0zcZulCpxWryaAK85sT9g/R309o C8h0e5uUf+TeSELzNEqyxHSTsGsKdLQpBz5XfuXITB2iWgjdL/szxqx8E310uTnTYH0y1dFq CNZj8PB/m4AzR3d68WLC7N9806t1CzJ1lX75PtNPEY0kqTWMdgmxLsxnYAUqkPNAmn9n0Ces Q==
X-Talos-CUID: 9a23:wY5bLWuzLVqrIgXfQ7fjoCIL6IsFLF/64F7NIXW/ImFFepuqCk+e84Z7xp8=
X-Talos-MUID: 9a23:icK3qggj74GxdG6y/dbfFMMpK+ky4K/2A202rqo64uu/MS0gCTy4k2Hi
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="6.09,230,1716242400"; d="scan'208";a="2521564"
Received: from mail-mtabi114.fraunhofer.de ([192.102.163.114]) by mail-edgeMUC220.fraunhofer.de with ESMTP/TLS/TLS_AES_256_GCM_SHA384; 23 Jul 2024 11:41:38 +0200
X-CSE-ConnectionGUID: b/gDCgiTSVmrNYEas61Fgg==
X-CSE-MsgGUID: 64BNvp89SD2GP7TV+Ye+Gw==
IronPort-SDR: 669f7ad1_K4XnmGO6sxyxAS/cuwZTtUOGfCP5fGIb8SX26zxs9YastIx LbG5nFeE7lKT4gkJiG6IP4g8Yp+DPLL7/afHSJA==
X-IPAS-Result: A0C12ADIeZ9m/3+zYZlagQkJHIEqgXJSBz41AlyBCAOEUoNMA4Uthk4BglwBgzmYcIEsgSUDVg8BAwEBAQEBBwEBOwkEAQGEQF6JHgInNAkOAQIBAQIBAQEBAwIDAQEBAQEBAQEBBQEBBQMCAQEGBYEOE4V1AQyGdhERDAEBFCQRASICJgIELwcOEgQTIoJfgjADMQICAg6hMgGBQAKLIoEygQGCDAEBBgQEgl7YPhiCRAkJAYEQLoNugQWDLhoBb22EKoRHggxDgRU1hhQChTuCaYgKAZFDhCpXD4Jcg3oXJguBG4xCCYFGHANZIRMBVRMXCz4dAhYDGxQEMA8JCyYpBjkCEgwGBgZZMgkEIwMIBANCAyBxEQMEGgQLB3IFgyUEE0YBDYEqiV2DMYIYhBuFMIFrDGGHdoFxgT6BYEqBGYFlS4VQHUADC209NRQbQ6ochB2BH4IsJZZrrw0DBAOCM4FhBYwNlT0zhAWNAIZEknOYbCCNWJVChSkCBAIEBQIPAQEGgWc8gVlxgzYJRgMZD5IbM4YAxUpFMwILLgIHAQoBAQMJiHAtgU0BAQ
IronPort-PHdr: A9a23:xvg7rBYFZDZ66TIW5Hf+TVj/LTF/0YqcDmcuAucPlecXIeyqqo75N QnE5fw30QGaFY6O8f9Agvrbv+f6VGgJ8ZuN4xVgOJAZWQUMlMMWmAItGoiCD0j6J+TtdCs0A IJJU1o2t2ruKkVRFc3iYEeI53Oo5CMUGhLxOBAwIeLwG4XIiN+w2fz38JrWMGAqzDroT6l1K UeapBnc5PILi4lvIbpj7xbSuXJHdqF36TFDIlSPkhDgo/uh5JMx1gV1lrcf+tRbUKL8LZR9a IcdISQtM2kz68CujhTFQQaVz1c3UmgdkUktYUDP7ETTRpTc63CrjehkgDiwFO/vdeAEVm74w pZtVEfZmCw2Ghdo7ybQ18hJtox+9UHExVR1lqTlOcaMH6NRfPLfV8FEQndEBf1QDjZkMJjmc JBRKcQrJqFUg9PUiWo/hDf5KBCUFMmz4WMSnnb2hq0d8qMwCg3U+youT+A87FWE99+lCIg9f 8Hqw4zx6DzsdK1/gyXB77jsIld6m/SpT5RIUcGB51UEMSLvnlC1kovUDwGZ6PxRlW203u5kc sCghDdg+x82phj/9+AXlNbAo405x0ne8zxj3I0IJpqCQUQ4UIv3WIsVtjudMZNxWN9nWWxzp SImn6UPooXoFMBr4JEuxhqabuCOWanRu06lWvyYPDF4g3xoYvSzikX6/Uuhz7jkX9KvmBZRr yVDm8XRrH1FyRHJ68aGR/c8tkes0DqCzUbSv8lKO0kpk6rcJZM7hLk2k5sYq0PYGSHq3k7xi cer
IronPort-Data: A9a23:0A2+CqOOlh8HbajvrR2CksFynXyQoLVcMsEvi/4bfWQNrUoj0TQGx 2tMXDyHMv3YMGX8LtsjbITk9BsFuJLTz9NnQXM5pCpnJ55oRWUpJjg5wmPYZX76whjrFRo/h ykmQoCdap1yFzmE+0rF3oHJ9RFUzbuPSqf3FNnKMyVwQR4MYCo6gHqPocZg6mJTqYb/W1LlV e/a+ZWFZAf6gWUsaAr41orawP9RlKSq0N8nlgFmDRx7lAe2v2UYCpsZOZawIxPQKqFIHvS3T vr017qw+GXU5X8FUrtJRZ6iLyXm6paLVeS/oiI+t5qK23CulQRuukoPD8fwXG8M49m/c3Cd/ /0W3XC4YV9B0qQhA43xWTEAe811FfUuFLMqvRFTvOTLp3AqfUcAzN1kS04aFoIZxt1JBHtox NERM25UQB+M0rfeLLKTEoGAh+w4KdXzeo4PsXEmwyvQEPAmRp7OWePG6Le03h9p25sITKmYP pVIL2M1M3wsYDUXUrsTII4+m+KhnT/1fjlcpVicuK8f6mnIwQc33qLkLdzVfdKHX4NZky50o 0qcrzmnWE9LXDCZ4WTZ2FSynr+epg+hd7pNKIP7x/Mpr0LGkwT/DzVTDzNXu8KRhkilXMp3K kEI9Gwpt6dayaCwZoCgBFjp/zvd4U9ZAoAPVfM/rgrLxLDd/gCZAWYJVHhNZbTKqfMLeNDj7 XfQ9/vBCyZmrbuVTnyQ7PGTqzazMjISNmgMeWkPSg5t3jUpiNhbYsvnF449SvyGnZfuFCvuw juHiiE7iv9BxYQIzqi3txSPyT6lupGDHEZ/6xT1T1CVyFpzRLekQIi0tnndz/JLd7iCQne74 XMrpsm57cI1N6+rqhCjeus3IeyW1663CwGE2V9LNLs9xgup4E+mLNxx4ikhBUJHMfQkWD7OY W2LsCwA+K5jGWabaJFsaa2PCvUa87TZOvr9XarqbP5LUIlARDGa9Q4/YHyg/n3fv3UttYodO p6rV9mmIlhHKKZgzRuwH/w8151yzA8A5Grjf7LJ5DX57qi/PVm7EawkNnmKZcAHtJK0mh3fq YtjBpHb2idhX/3bSQiJ14wqdHQhD2UxXLLyoOxpLt+zGBJsQjwdOqWA0IEaWtJXmopOnb315 VC7YEhTzWT/iVDhKQmnbnNCaqvlba1grEAUbDAdAlK150cNOYqfzr8TV58ST4kV8OZOyf1VT f5cX+6iBv9JaCrM+hVDTJ3bgbFhSi+WhlO1D3L4WAQ8Qp9ufByW29nGegC0yjICIBDqvuQDo pqh9Djhf7w9eypYAv37VteT3nKqnH1EmOtNT0rCedZSX0P38blVES/6j95pAscqNRnj7yao5 waUCDxFoOLIjdY/9dnXt6W6vqOsKe9fH1VbLUbf/72ZJSnXxUv94I5iAcKjXyHRa3Pww4qmP d5q9vDbNOYWumpKv65XMadZ/Yhn6/TB/7ZlnxlZRlPVZFGVO5ZcC3ih3/gXkJZSx7Vc6DCEa mjW9vZ0Yby2ad7YSngPLw8Yb8OG5/Eeuh/Wyd8XeEzaxitGzICrYHVoHSunqXJideNuEYYf3 +0eltYc6FW/hjoUI9+2tH1o2FrWHEMQcZcMl888O5DquDoJ21sZQJ37Cw3K2r+tRehIEHEXJ m6zuPKfqZVanlHPYlgiJ0jrhOB9v6kDiDpO7V0FJmmKpOb7u+8K7EVR3AkzHytozURh8uNsO 2JUGVV/CoeQ8hxJ2sVSfWCeNDtQJR+e+0Dey0UDq0PLa0yKUmbiPGkMPMjU9n0z82tsWDxq7 eydw2PLCDzvfN/D2xUjfUtfr93iUt1D2QnQk++3H8m+PscbYhjhiIC+YVsNhULtOtw+umLHu +NV0vRRb/XgFCgy+qcUNaiT5Y4yejulelNQYKhG0vsSPGf+fDqS52C/G3qpcJkQG82QoF6KN cN+A+luCTK87X+qhRIGD/cuJ7RUoqYY1OAacOm2GV9c4qqtlRs3gpf+7SOkuXQKRe9pmsMDK o/8UTKOP2iTpHlMkV/2s8h2FTukUOYAeTHD8ri5wMcRG7IHldNcQ0U4/7+3nneSaS9M3Rafu iHdbK73kc1m76lRnLXXL6YSPDXsdOvPV9mJ/j7q4p4KJZnKPNzVvgwYlkj/Mk4EdfENUtBwj vKWvMSxwErBu60sXnvEn4WaUZNE/ti2QPEdJ/efwKO2RsdecJSED8M/xl2F
IronPort-HdrOrdr: A9a23:KGkOR6nmh7iEDy7ONLjRpZ4/gifpDfPkimdD5ihNYBxZY6Wkfp +V88jzhCWZtN9OYhwdcIi7SdG9qADnhOVICOgqTMOftWzd1ldAQ7sSi7cKrweQeBEWldQtop uIEZIOceEYZGIS5a2RgWmF+r4bsZm6GcuT9ILjJgJWPGZXgtZbnmNE42igYy9LrGovP+t6KH LCjfA34wZJHBwsH4eGL0hAe9KGi8zAlZrgbxJDLQUg8hOygTSh76O/OwSE3z8FOgk/t4sKwC zgqUjU96+ju/a0xlv3zGnI9albn9Pn159qGNGMsM4IMT/h4zzYLbiJGofy9AzdktvfomrCo+ O87ivI+P4Dp085S1vF6icFHTOQnwrGpUWSh2NwykGT2/ARDAhKdvapL7gpM2qf16NnhqA47E sD5RPni7NHSRzHhyjz/N7OSlVjkVe1u2MrlaoJg2VYSpZ2Us4lkWUzxjInLH47JlOJ1Kk3VO 11SM3M7vdfdl2XK3rQu2VpzdS2Gm4+BReLWAwDvdaJ2z9dkDR4wiIjtbIid1s7heIAosN/lp j524xT5cBzcvM=
X-Talos-CUID: 9a23:rE+dTGyJDNyCgT8kZdOKBgUeXc8JWXLc8EzuJlWeOEtgU+PMZ1CfrfY=
X-Talos-MUID: 9a23:e7eGpw2dBqugYstL6UFuC6cnhDUjvfiELl4VwcQ9l5OrDXNMBXSsgXeYXdpy
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="6.09,230,1716242400"; d="scan'208";a="2856269"
Received: from 153-97-179-127.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaBI114.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jul 2024 11:41:37 +0200
Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-03.ads.fraunhofer.de (10.225.9.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Tue, 23 Jul 2024 11:41:37 +0200
Received: from FR5P281CU006.outbound.protection.outlook.com (40.93.78.49) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11 via Frontend Transport; Tue, 23 Jul 2024 11:41:37 +0200
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=GgvdvUAex0cint4jJLMw+Jdr+tEw/3ZuHKlOdCqdXBl2xCtNktNYyls8lFoU55uRbOVgnoe8H9CkR2p3Isw1GR4BJ1ntI+cP7fmue9vEzvuP/+fBAxeiSDs4N6k62xU25JG5lmogxP3CxxKEpUEFWbpKLkWB1Qilia3bErLCgKwZd3CwVLwLCYUsgz53FYdcpBAbNlixbKYHquvqXRpoTs1fRknkk3NGN/IJ1vE5uChIYRXzBg36gBiP9h/gdctAhk5EZkIIWFk+QqhpAg/jodhukirjh0L9qniUFhsL9gmOJumZiGDi5YLLDMjUqQgOI86VuqnojQTpQ3n8nsk4Vw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ApkE139Sjq0yBAJqP8Xg22EYnt0YxcYEA9w/o5lQRFM=; b=phn/uL1kWavXVDrG8tB1YgmUeBkJd1bS0Cm0HT2vkihtttYFbZDkpq5FVRSpEtsauOwrz+1hEidfJam7KtRqe7897feYAH7AkxEDpznazu2Dw1TKPhyI4aLeNQRdcHSn2iec1I4IK/bT6Lmrxs1Fy8YhsBkny9ZdKJGSB9YqFrFOzgR+hBlc9r26ZFZ+VPjlUD5jATKuFclMzjNsChAAHpqmJys9jXc0OtQHwwGSVmENuxJGvw+lka/EwosnsyRnBOS65x/WOBVaUurRqRkg8P0UoRuUAfDtI2wdNIn/R/dFu/YSNlS9KNCVoYtqU1idKaYHoc9yIWe3lvUhtPPX6w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ApkE139Sjq0yBAJqP8Xg22EYnt0YxcYEA9w/o5lQRFM=; b=BY1/qC1Gj9jBz6oum3Si1rMZs2ws6NFBs/dD2AFYYAD/EqPxB4C42pah3hOI/ysdzONf8ZZ4I83b8TGGFI7gMQMaGs6A2zToXL8/3RmMzNPHc8FtCNIBxmMSoYXZdVp4NmGYllOJgg1/8v/lH8YOSv7aMgDeqrnqrtcUk/Rab+Y=
Received: from FRYP281MB3146.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:73::12) by FRYP281MB2969.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:72::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7784.20; Tue, 23 Jul 2024 09:41:36 +0000
Received: from FRYP281MB3146.DEUP281.PROD.OUTLOOK.COM ([fe80::3e24:f703:644c:eba8]) by FRYP281MB3146.DEUP281.PROD.OUTLOOK.COM ([fe80::3e24:f703:644c:eba8%4]) with mapi id 15.20.7784.017; Tue, 23 Jul 2024 09:41:36 +0000
From: "Bellebaum, Thomas" <thomas.bellebaum@aisec.fraunhofer.de>
To: "dnsop@ietf.org" <dnsop@ietf.org>
Thread-Topic: Potentially interesting DNSSEC library CVE
Thread-Index: AQHa3OSC9eRyis58Ik2MZFtU4aV5LA==
Date: Tue, 23 Jul 2024 09:41:36 +0000
Message-ID: <5a524dc46c1fbb16b89412054635d3e766d638cb.camel@aisec.fraunhofer.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: FRYP281MB3146:EE_|FRYP281MB2969:EE_
x-ms-office365-filtering-correlation-id: 69ef3250-cc30-46b2-a5f4-08dcaafba54f
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|1800799024|376014|38070700018;
x-microsoft-antispam-message-info: zi831AFjWYe77s5TJt8jI4n22k+gMR5tm299N21ejj+ET52i5UeqVjgEER9NQlQculjlO0V6dDNT8C5TdBFG2F0dkWPcxb4HFyTwVA16cJXWQskCxogw/OJHyLvrtplG5zeVIovTYIi1lKxpO10j0uIyQFYzpvY4HyvL+jPTjI83gcw/5iaAaJNLmrLvIIGP+OCo32NBXOv8BMgGrCbAAMmVogUvMhbpQxrQhh51C50hEVC1WYEFcT4f/yOlYtg2qhBDoubSSqvXbqpBbWMuD8Xjt9NZGQDZNRFdQmygE4hqlis57xyCfKtB+uaEhLgziKglKPW4wcC7wDVwfnvriVEDR5CfWMaNlurHnV/VP/QKUWLmkYtlwLzZqej100ACyXrehV8nLNn7RCoZBsXnJO7nzAOk9Roa5i2OlLx7bBkNjuE61wCMlNNjXtBnPvJLgVATIckxU8C+ge6r9mtxpTHac0gnVoyvEt/NfEKY/a9qPUzG6tQ2GP+z/kezCPZee++6M0VjDuNcZNooxP7BjSX41Z+c5pQJ6YB7ceOMfKcAYPk2FHT1SDSLbbKYJUvB22cHPj8ABrd5WjaU1JdMnyQtjalyvUYkoFVLvJe76Rq5CQ+HJ1tYndfbSCYBACCNzDCe4fRNgAZ3memrI6yPTqm2aoJzgOFWEYhBpkAnLC1ZrJrytZ99kcyjMZpDSxcxJpvKyuJy1/VYKGM2JjcImD+wMmjUHcuMM1uH1pGkGaVuuKYZgKmSeNUTEr5CtrgiNcX6bi+raFCaeuUMBic/M+PkSPqNl/QhVfDIhToV60lP5o4Cu8PhzjvUB1zxvIxGiGOggwRonL6YAiSOBffGlJc0bnIht+pM5MzqBo6FMJcfmz1uxtBZSSwr9yYnKa6iPGwnV6MJQXQdKcvwKzSL7zegDop/1QxaQc7Cxhk6qBTrfEbfSkf4iROMfIJPPIRrdqtuVR65GGCkCr4zVLPqG7pgJ+EJWoX+yb4uK8Ndo9vaqIyHew6BX6/ZcU7C/4rjsNCp/AC/3f5++uvKW0SmZgidBQXxVJDufw7s6Ak3Kcqoj+iYA5N3s6LvI3EvB/s2paw1sciXS+eSBU8gs9EV2GtuUL0hOR6a5u6FbJO8kpwW6Q7tD63webIdq3NmZdT/93nWIkx3/cDOUemtXTLvKgNA0210gBLov58mVjkuL5DZOvdmmlO/Hom6ZTI8KFfBeRMbH7JRhLy/IuMjGWunvzCtGHdT4m4ZopXXyAKHtbhXnte5tKKs5SfMYXiiSnz8BK36Yo4plEzW5ueQ99C3Q/XjOHN4KPFcSRITL0RNE3jfLV/pLaWjJG/bhoRyMg9ShQyYtaM6lr1MTsZt1lhkOet2NTiS3h5We4jCAxpDad8=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:FRYP281MB3146.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: XRfg6rIoU7tHLtGggk4rcAcdpplmdut3l8iLeUd6NCB8Xt+eWSL5KGDCd35IcPS7pgXf+Yal2mL4L5FgkfBPmggiTW0Lxu9QOQXikbpbQt++bb8IZcuvzYotdS2NTi/n9SftDskcQNtejPI+le6OusmxivD0gTGxb5DET2DqhfLvWbJ+093TZO3mz475PQYr19RfuXw/8P1jRwc+RrTmpfVHjhqC9Ay0A2fFe/12WZIghBtyT6KmHnKY8WYPvxRsEyPaamseYxgXvVcHc5FfkOhOGIQZqiIBov1FVnT/z+0+nGL2rYT5z4zGNQemGeIazkpPWT1bchxhGIUnaSZBgntb2paReHkgWNzkgzEx11K19DnvXttpb3h80ypS81m5cWkrWUrjyvzyRSZbSUFNdj/YrWnEyohHKZghkxf0NhQ/gDMQ3KwibtmZPYKyZX6S49NB4GItGQ8rTk9dc+tczZBbR5CowziKOuXbTWZhZlDNBSYOmYbSCdecTlDQC2rlc/R0ATZlgvv9p1soSNjCGAG+OACqCb5PkFm9jht8/x6/LnaS2dt+kCMUUqUf5oVcN4l0FC/PFdSwd9M2tAxXzAdqMmOI7F1tGwjnCN6lfc5dB4eCHQMHjNlO6KDx0ZnOFsrDSJBDaSDYmlGXDXiBKhpfQwLbKzqmhjC7oAqCmwlGNTA3XdrPfwsURuCjJ2/PYZK/keeRT8QAWvSvrigAPgPjMoGYY+xE1ugIL1nIqRpFIT5iYpqM/HoXZpWSs3ICT55bSk4OqeKYHaCcT7XrLKCusGrp3ZS4e3ydfjcdEKSvsdWSdhxAELNqnebcxIt+3AWzUqX/5gBZqd4Qu3vPM2IJUVvCtsj8q4AfdKUuwNsqhf4x7Vqmm6+3GiH3Slblo/uGDEIW48JAVuaVw8pC9EI/67KLIHelxmMQZosdTsVTX+f4NmDsxsh4W3i5jybMr5rKhYa1TL71veWXcRKORoQBRl80e2YQ1lBavaFeYDgmi/eOViaGsZW3EhDP1ovgvnWr8driE8rG2LVx9SafiuPgf14sZV/TSbqaSnKNVwV6NT8uxfJKSLLSlNPJQjde0f6ClP9ZkMa8J9oG33Zrwr3M7+EtKyXPruY1b0SqQqAGDwYIBGfz2bORYtGezIbNiHw/e0bi4O8OYo3QqeWyPHBdg20jO2C3+1GMW7j8O7PgL05N/+Mj0ht+5J6rafP3/P07W10AGQr9PuoLUN7bgJS+gOXbmof03SR27lIaOpXUQsJT3stTzB3vOAh9wMhl8BSR7GAx7s+tYSkx+ZHHthSjjEFW2Y4y4+u4AvyGnMNNdP9vK6u9/WVPdDegQk2JSKAHONa4bu60eaFXMGj5d0wDVy952aIld8Qv8eN8thYarekRQPG4YF7plzKBliWH2or8H6hl0lQLfsf7i5R0Sz7btTC0MzYxSEFDCONyetHeHf9wCteizjqDciZlXPwEA1vNhXnDtFM055RVgJisDFy9yuMWXhbXSbfC0PoBNt4c9wQ3m7hzZ2jdfGyKlIyIIsC6qCg5lXVMUFfSuo/wVEOypMsxCANrdrSzgrXLLgCjzM5IGSpy5ZrvFNf5wPGiLCI2DK8zrYo5RbiijWn/ZBsvAwOcOT/ClTJvQ2doVCA=
Content-Type: text/plain; charset="utf-8"
Content-ID: <F58C415E4B599D4AB855CC92BFDA9915@DEUP281.PROD.OUTLOOK.COM>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: FRYP281MB3146.DEUP281.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 69ef3250-cc30-46b2-a5f4-08dcaafba54f
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jul 2024 09:41:36.6539 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f930300c-c97d-4019-be03-add650a171c4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: G1Cni8lKLLvuyqx5iThNqrdtmbX3XEeoZA3e1YzSuGYACh2+ZDI7wTImFF11fRwvMseAx8AiBvqBBacIG2cmLql5NNaIB+ba64QDif96AhTGbN3OAC1Te8TJufn3elM7
X-MS-Exchange-Transport-CrossTenantHeadersStamped: FRYP281MB2969
X-OriginatorOrg: aisec.fraunhofer.de
Message-ID-Hash: CEW6HB746UM2JL4LB7ZOFKZAH3ZED22X
X-Message-ID-Hash: CEW6HB746UM2JL4LB7ZOFKZAH3ZED22X
X-MailFrom: thomas.bellebaum@aisec.fraunhofer.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP] Potentially interesting DNSSEC library CVE
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/cCFGeI3o6wSSx2Gh2W5GmWdAmdQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

Hello everyone,

a while ago I asked for guidance concerning a vulnerability I found in a DNS library.
Unfortunately I cannot find the message right now, so please excuse the new thread.

The vulnerability now has a CVE and a GitHub Advisory published here:
https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw

I suspect this might be useful feedback to some of you designing DNSSEC validation routines, especially for validating stub resolvers. I have done little research into which other DNS libraries might be affected, but bind and unbound seem fine.

Best,
Thomas

PS: The algorithm in the advisory was copied from somewhere else, so please mentally replace "PTR" with any "QTYPE".

-- 

```
M.Sc. Thomas Bellebaum
Applied Privacy Technologies
Fraunhofer Institute for Applied and Integrated Security AISEC

Lichtenbergstraße 11, 85748 Garching near Munich (Germany)
Tel. +49 89 32299 86 1039
thomas.bellebaum@aisec.fraunhofer.de
https://www.aisec.fraunhofer.de

```