2 matches found
CVE-2022-3346
CVE-2022-3346 concerns the goresolver package (github.com/peterzen/goresolver). Connected sources describe a vulnerability where DNSSEC validation is not performed correctly due to the owner name of RRSIG RRs not being validated. This allows an attacker to present an RRSIG for an attacker-control...
CVE-2022-3347
CVE-2022-3347 affects the GitHub Go library github.com/peterzen/goresolver (DNSSEC validation parser). The connected documents indicate that DNSSEC validation is not performed correctly: root DNSSEC public keys are not validated, allowing an attacker to present a self-signed root key and a forged...