CVE-2023-26438

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions.

Description The issue involves a time-of-check/time-of-use (TOCTOU) weakness in external service lookups for several protocols, related to the JDK DNS cache. This weakness allows attackers to inject configuration that bypasses existing network deny-lists by timing DNS cache expiry correctly. As a result, attackers could exploit this to discover restricted network infrastructure and service availability. Improvements have been made to apply deny-lists during both the check and use of connection data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.