Rthalley

**Name of the Vulnerable Software and Affected Versions** dnspython versions prior to 2.6.1 eventlet versions prior to 0.35.2 **Description** The issue allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, also known as a "TuDoor" attack. This occurs because the DNS name resolution algorithm does not wait for a valid packet within the full time window, due to the behavior of eventlet and dnspython. **Recommendations** For dnspython versions prior to 2.6.1, update to version 2.6.1 or later. For eventlet versions prior to 0.35.2, update to version 0.35.2 or later.