data/reports/GO-2022-1026.yaml - vulndb - Git at Google

 id: GO-2022-1026
 modules:
     - module: github.com/peterzen/goresolver
       vulnerable_at: 1.0.2
       packages:
         - package: github.com/peterzen/goresolver
 summary: Incorrect validation of root DNSSEC public keys in github.com/peterzen/goresolver
 description: |-
     DNSSEC validation is not performed correctly. An attacker can cause this package
     to report successful validation for invalid, attacker-controlled records.

     Root DNSSEC public keys are not validated, permitting an attacker to present a
     self-signed root key and delegation chain.
 ghsas:
     - GHSA-jr65-gpj5-cw74
 references:
     - report: https://github.com/peterzen/goresolver/issues/5#issuecomment-1150214257
 cve_metadata:
     id: CVE-2022-3347
     cwe: 'CWE 295: Improper Certificate Validation'
	id: GO-2022-1026
	modules:
	- module: github.com/peterzen/goresolver
	vulnerable_at: 1.0.2
	packages:
	- package: github.com/peterzen/goresolver
	summary: Incorrect validation of root DNSSEC public keys in github.com/peterzen/goresolver
	description: \|-
	DNSSEC validation is not performed correctly. An attacker can cause this package
	to report successful validation for invalid, attacker-controlled records.

	Root DNSSEC public keys are not validated, permitting an attacker to present a
	self-signed root key and delegation chain.
	ghsas:
	- GHSA-jr65-gpj5-cw74
	references:
	- report: https://github.com/peterzen/goresolver/issues/5#issuecomment-1150214257
	cve_metadata:
	id: CVE-2022-3347
	cwe: 'CWE 295: Improper Certificate Validation'