data/cve/v5/GO-2022-0979.json

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.0",
  "cveMetadata": {
    "cveId": "CVE-2022-3346"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc"
      },
      "title": "Incorrect DNSSEC validation due to unchecked owner names in github.com/peterzen/goresolver",
      "descriptions": [
        {
          "lang": "en",
          "value": "DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. The owner name of RRSIG RRs is not validated, permitting an attacker to present the RRSIG for an attacker-controlled domain in a response for any other domain."
        }
      ],
      "affected": [
        {
          "vendor": "github.com/peterzen/goresolver",
          "product": "github.com/peterzen/goresolver",
          "collectionURL": "https://pkg.go.dev",
          "packageName": "github.com/peterzen/goresolver",
          "defaultStatus": "affected"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE 347: Improper Verification of Cryptographic Signature"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://github.com/peterzen/goresolver/issues/5"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0979"
        }
      ]
    }
  }
}