Lucene search
GoCVELIST:CVE-2022-3346HistoryDec 27, 2022 - 9:17 p.m.
CVE-2022-3346 Incorrect DNSSEC validation due to unchecked owner names in github.com/peterzen/goresolver
2022-12-2721:17:48
Go
www.cve.org
cve-2022-3346
dnssec
validation
goresolver
github.com/peterzen
0.001 Low
EPSS
Percentile
33.2%
DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. The owner name of RRSIG RRs is not validated, permitting an attacker to present the RRSIG for an attacker-controlled domain in a response for any other domain.
CNA Affected
[
{
"vendor": "github.com/peterzen/goresolver",
"product": "github.com/peterzen/goresolver",
"collectionURL": "https://pkg.go.dev",
"packageName": "github.com/peterzen/goresolver",
"defaultStatus": "affected"
}
]Related
prion
prion
Design/Logic Flaw
2022-12-28 03:15:00
cve
cve
CVE-2022-3346
2022-12-28 03:15:10
nvd
nvd
CVE-2022-3346
2022-12-28 03:15:10
osv
osv
github
github
veracode
veracode
Improper Access Control
2023-01-10 12:55:03