data/reports/GO-2022-1026.yaml - vulndb - Git at Google

 modules:
   - module: github.com/peterzen/goresolver
     vulnerable_at: 1.0.2
     packages:
       - package: github.com/peterzen/goresolver
 description: |
     DNSSEC validation is not performed correctly. An attacker can
     cause this package to report successful validation for invalid,
     attacker-controlled records.

     Root DNSSEC public keys are not validated, permitting an attacker
     to present a self-signed root key and delegation chain.
 references:
   - report: https://github.com/peterzen/goresolver/issues/5#issuecomment-1150214257
 cve_metadata:
     id: CVE-2022-3347
     cwe: 'CWE 295: Improper Certificate Validation'
	modules:
	- module: github.com/peterzen/goresolver
	vulnerable_at: 1.0.2
	packages:
	- package: github.com/peterzen/goresolver
	description: \|
	DNSSEC validation is not performed correctly. An attacker can
	cause this package to report successful validation for invalid,
	attacker-controlled records.

	Root DNSSEC public keys are not validated, permitting an attacker
	to present a self-signed root key and delegation chain.
	references:
	- report: https://github.com/peterzen/goresolver/issues/5#issuecomment-1150214257
	cve_metadata:
	id: CVE-2022-3347
	cwe: 'CWE 295: Improper Certificate Validation'