Lucene search
GoogleOSV:GO-2022-1026HistorySep 29, 2022 - 5:25 p.m.
Incorrect validation of root DNSSEC public keys in github.com/peterzen/goresolver
2022-09-2917:25:07
Google
osv.dev
10
dnssec
validation
github.com/peterzen/goresolver
attacker
records
software
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
34.6%
DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records.
Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain.
Related
veracode
veracode
Improper Access Control
2023-01-10 12:19:34
prion
prion
Design/Logic Flaw
2022-12-28 03:15:00
cve
cve
CVE-2022-3347
2022-12-28 03:15:10
cvelist
cvelist
github
github
go-resolver's DNSSEC validation not performed correctly
2022-12-28 03:30:28
nvd
nvd
CVE-2022-3347
2022-12-28 03:15:10
osv
osv
go-resolver's DNSSEC validation not performed correctly
2022-12-28 03:30:28
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
34.6%
Related for OSV:GO-2022-1026