data/reports: add alias for GO-2022-0979.yaml
Aliases: CVE-2022-3346, GHSA-87mm-qxm5-cp3f
Updates golang/vulndb#979
Fixes golang/vulndb#1273
Change-Id: Ia84913135828239a8fd2417d0fbf34b05ff58143
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/461475
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/data/osv/GO-2022-0979.json b/data/osv/GO-2022-0979.json
index b95b5f2..78b419c 100644
--- a/data/osv/GO-2022-0979.json
+++ b/data/osv/GO-2022-0979.json
@@ -3,7 +3,8 @@
"published": "0001-01-01T00:00:00Z",
"modified": "0001-01-01T00:00:00Z",
"aliases": [
- "CVE-2022-3346"
+ "CVE-2022-3346",
+ "GHSA-87mm-qxm5-cp3f"
],
"details": "DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records.\n\nThe owner name of RRSIG RRs is not validated, permitting an attacker to present the RRSIG for an attacker-controlled domain in a response for any other domain.",
"affected": [
diff --git a/data/reports/GO-2022-0979.yaml b/data/reports/GO-2022-0979.yaml
index d754395..595fb62 100644
--- a/data/reports/GO-2022-0979.yaml
+++ b/data/reports/GO-2022-0979.yaml
@@ -11,6 +11,8 @@
The owner name of RRSIG RRs is not validated, permitting an attacker
to present the RRSIG for an attacker-controlled domain in a response
for any other domain.
+ghsas:
+ - GHSA-87mm-qxm5-cp3f
references:
- report: https://github.com/peterzen/goresolver/issues/5
cve_metadata:
