Incorrect validation of root DNSSEC public keys in github.com/peterzen/goresolver
CVE-2022-3347

7.5HIGH

Key Information:

Vendor: Github.com/peterzen/goresolver
Status: Github.com/peterzen/goresolver
Vendor: CVE Published:; 28 December 2022

🔔 Create Github.com/peterzen/goresolver Vulnerability Alert

What is CVE-2022-3347?

DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain.

References

https://github.com/peterzen/goresolver/issues/5#issuecomm...

https://pkg.go.dev/vuln/GO-2022-1026

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 28, 2022
Vulnerability Reserved
Sep 27, 2022