Lucene search
HistoryDec 28, 2022 - 3:15 a.m.
CVE-2022-3347
cve-2022-3347
dnssec
validation
vulnerability
package
attacker-controlled records
root dnssec
public keys
self-signed
delegation chain
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
34.6%
DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain.
Affected configurations
Node
go-resolver_projectgo-resolverMatch-go
| Vendor | Product | Version | CPE |
|---|---|---|---|
| go-resolver_project | go-resolver | - | cpe:2.3:a:go-resolver_project:go-resolver:-:*:*:*:*:go:*:* |
Related
osv
osv
Incorrect validation of root DNSSEC public keys in github.com/peterzen/goresolver
2022-09-29 17:25:07
go-resolver's DNSSEC validation not performed correctly
2022-12-28 03:30:28
veracode
veracode
Improper Access Control
2023-01-10 12:19:34
prion
prion
Design/Logic Flaw
2022-12-28 03:15:00
cve
cve
CVE-2022-3347
2022-12-28 03:15:10
cvelist
cvelist
github
github
go-resolver's DNSSEC validation not performed correctly
2022-12-28 03:30:28
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
34.6%
Related for NVD:CVE-2022-3347