Headline
GHSA-jr65-gpj5-cw74: go-resolver's DNSSEC validation not performed correctly
go-resolver’s DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain.
go-resolver’s DNSSEC validation not performed correctly
High severity GitHub Reviewed Published Dec 28, 2022 • Updated Dec 29, 2022
Related news
CVE-2022-3347: RRSIG name was not being checked · Issue #5 · peterzen/goresolver
DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain.