Google Git
Sign in
go / vulndb / 768c201e6d4712f3a862926f0ca3ed2364ab9c6f / . / data / reports / GO-2022-1026.yaml
blob: 788c3f97be80c41c5fb93eb17217c5fa1d21c1fb [file] [log] [blame]
modules:
- module: github.com/peterzen/goresolver
vulnerable_at: 1.0.2
packages:
- package: github.com/peterzen/goresolver
description: |
DNSSEC validation is not performed correctly. An attacker can
cause this package to report successful validation for invalid,
attacker-controlled records.
Root DNSSEC public keys are not validated, permitting an attacker
to present a self-signed root key and delegation chain.
ghsas:
- GHSA-jr65-gpj5-cw74
references:
- report: https://github.com/peterzen/goresolver/issues/5#issuecomment-1150214257
cve_metadata:
id: CVE-2022-3347
cwe: 'CWE 295: Improper Certificate Validation'