| modules: |
| - module: github.com/peterzen/goresolver |
| vulnerable_at: 1.0.2 |
| packages: |
| - package: github.com/peterzen/goresolver |
| description: | |
| DNSSEC validation is not performed correctly. An attacker can |
| cause this package to report successful validation for invalid, |
| attacker-controlled records. |
| |
| Root DNSSEC public keys are not validated, permitting an attacker |
| to present a self-signed root key and delegation chain. |
| ghsas: |
| - GHSA-jr65-gpj5-cw74 |
| references: |
| - report: https://github.com/peterzen/goresolver/issues/5#issuecomment-1150214257 |
| cve_metadata: |
| id: CVE-2022-3347 |
| cwe: 'CWE 295: Improper Certificate Validation' |