peterzen/goresolver

peterzen/goresolver

Releases5

Frequency1 year 9 months

Last Release 3 months ago

Stars25

DNSSEC validating resolver library

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-3346 ↗	Dec 28, 2022Wednesday, 28 December 2022, 03:15	6.5 MEDIUM	—
DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. The owner name of RRSIG RRs is not validated, permitting an attacker to present the RRSIG for an attacker-controlled domain in a response for any other domain.
CVE-2022-3347 ↗	Dec 28, 2022Wednesday, 28 December 2022, 03:15	7.5 HIGH	—
DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain.