blob: 47301fd6379b35e0253f1ee2b10d3796aa450c54 [file] [log] [blame]
id: GO-2022-0979
modules:
- module: github.com/peterzen/goresolver
vulnerable_at: 1.0.2
packages:
- package: github.com/peterzen/goresolver
summary: |-
Incorrect DNSSEC validation due to unchecked owner names in
github.com/peterzen/goresolver
description: |-
DNSSEC validation is not performed correctly. An attacker can cause this package
to report successful validation for invalid, attacker-controlled records.
The owner name of RRSIG RRs is not validated, permitting an attacker to present
the RRSIG for an attacker-controlled domain in a response for any other domain.
ghsas:
- GHSA-87mm-qxm5-cp3f
references:
- report: https://github.com/peterzen/goresolver/issues/5
cve_metadata:
id: CVE-2022-3346
cwe: 'CWE 347: Improper Verification of Cryptographic Signature'