Lucene search
GoCVELIST:CVE-2022-3347HistoryDec 27, 2022 - 9:17 p.m.
CVE-2022-3347 Incorrect validation of root DNSSEC public keys in github.com/peterzen/goresolver
2022-12-2721:17:52
Go
www.cve.org
2
cve-2022-3347
github.com/peterzen/goresolver
dnssec validation
EPSS
0.001
Percentile
34.6%
DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain.
CNA Affected
[
{
"vendor": "github.com/peterzen/goresolver",
"product": "github.com/peterzen/goresolver",
"collectionURL": "https://pkg.go.dev",
"packageName": "github.com/peterzen/goresolver",
"defaultStatus": "affected"
}
]Related
prion
prion
Design/Logic Flaw
2022-12-28 03:15:00
cve
cve
CVE-2022-3347
2022-12-28 03:15:10
github
github
go-resolver's DNSSEC validation not performed correctly
2022-12-28 03:30:28
nvd
nvd
CVE-2022-3347
2022-12-28 03:15:10
osv
osv
go-resolver's DNSSEC validation not performed correctly
2022-12-28 03:30:28
veracode
veracode
Improper Access Control
2023-01-10 12:19:34