CNNVD-202511-1405 Information
CNNVD ID
CNNVD-202511-1405
Related CVE
- CNNVD Published: 2025-11-12
Description (Chinese)
kdcproxy是latchset开源的一个Python库 kdcproxy存在安全漏洞,该漏洞源于默认查询DNS SRV记录,可能导致服务器端请求伪造攻击。
Description (English)
kdcproxy is a Python library of a matchset open source There is a security loophole in kdcproxy, which stems from the default search of the DNS SRV records, which could lead to the server requesting a false attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
latchset
Published
2025-11-12
Last Modified
2026-02-24
References
https://access.redhat.com/errata/RHSA-2025:21138 https://access.redhat.com/security/cve/CVE-2025-59088 https://github.com/latchset/kdcproxy/pull/68 https://bugzilla.redhat.com/show_bug.cgi?id=2393955 https://access.redhat.com/errata/RHSA-2025:21142 https://access.redhat.com/errata/RHSA-2025:21141 https://access.redhat.com/errata/RHSA-2025:21140 https://access.redhat.com/errata/RHSA-2025:21139 https://vigilance.fr/vulnerability/kdcproxy-information-disclosure-via-SRV-Records-Scan-48766
Patch
https://github.com/latchset/kdcproxy/releases
Share on: