CVE-2026-33811 Crash when handling long CNAME response in net

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...

CVE-2026-33811

The CVE-2026-33811 entry describes a crash in the Go ecosystem when using LookupCNAME with the cgo DNS resolver: very long CNAME responses can trigger a double-free of C memory, leading to a crash. Affected item: Go net/cgo DNS resolver (LookupCNAME path). Root cause: memory management error (dou...

GHSA-JR65-GPJ5-CW74 go-resolver's DNSSEC validation not performed correctly

go-resolver's DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain...

GHSA-87MM-QXM5-CP3F go-resolver vulnerable to attacker-controlled domains due to unvalidated RRSIG RRs

go-resolver's DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. The owner name of RRSIG RRs is not validated, permitting an attacker to present the RRSIG for an attacker-controlled domain in a...

go-resolver's DNSSEC validation not performed correctly

go-resolver's DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain...

go-resolver vulnerable to attacker-controlled domains due to unvalidated RRSIG RRs

go-resolver's DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. The owner name of RRSIG RRs is not validated, permitting an attacker to present the RRSIG for an attacker-controlled domain in a...

go-resolver 数据伪造问题漏洞

go-resolver is a Golang DNSSEC validation parser library implemented on top of miekg/dns by the peterzen personal developer. A security vulnerability exists in go-resolver, which stems from DNSSEC authentication not being performed correctly...

go-resolver 数据伪造问题漏洞

go-resolver is a Golang DNSSEC validation parser library implemented on top of miekg/dns by the peterzen personal developer. A security vulnerability exists in go-resolver, which stems from DNSSEC authentication not being performed correctly...

PT-2022-21781 · Unknown · Go-Resolver

Name of the Vulnerable Software and Affected Versions: go-resolver affected versions not specified Description: The issue is related to incorrect DNSSEC validation. An attacker can cause the package to report successful validation for invalid, attacker-controlled records. Specifically, root DNSSE...