{"id":"CVE-2022-48521","details":"An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely on Authentication-Results from OpenDKIM will treat the message as having a valid DKIM signature when in fact it has none.","modified":"2026-04-10T04:53:07.484674Z","published":"2023-07-11T20:15:10.523Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00002.html"},{"type":"REPORT","url":"https://github.com/trusteddomainproject/OpenDKIM/issues/148"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/trusteddomainproject/opendkim","events":[{"introduced":"0"},{"last_affected":"cf1b96054c9d1e395417eda46b6038a1ab7a904f"},{"introduced":"0"},{"last_affected":"0fb53f84a6d17b82c8fc50c84b2a7517041250a8"},{"introduced":"0"},{"last_affected":"ba032e771c79ef98c86f5a55fe5453a5b700cee3"},{"introduced":"0"},{"last_affected":"ba29fa57b2455143dd86973c2229d6f7b8e16d9b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.10.3"},{"introduced":"0"},{"last_affected":"2.11.0-beta0"},{"introduced":"0"},{"last_affected":"2.11.0-beta1"},{"introduced":"0"},{"last_affected":"2.11.0-beta2"}]}}],"versions":["2.11.0-Beta2","rel-opendkim-2-10-0","rel-opendkim-2-10-0-Beta0","rel-opendkim-2-10-0-Beta1","rel-opendkim-2-10-0-Beta2","rel-opendkim-2-10-1","rel-opendkim-2-10-2","rel-opendkim-2-10-3","rel-opendkim-2-11-0-Beta0","rel-opendkim-2-11-0-Beta1","rel-opendkim-2-11-0-Beta2","rel-opendkim-2-2-2","rel-opendkim-2-3-1","rel-opendkim-2-3-2","rel-opendkim-2-4-0","rel-opendkim-2-4-1","rel-opendkim-2-4-2","rel-opendkim-2-4-3","rel-opendkim-2-5-0","rel-opendkim-2-5-0-1","rel-opendkim-2-5-1","rel-opendkim-2-5-2","rel-opendkim-2-6-0","rel-opendkim-2-6-1","rel-opendkim-2-6-2","rel-opendkim-2-6-3","rel-opendkim-2-6-4","rel-opendkim-2-6-5","rel-opendkim-2-6-6","rel-opendkim-2-6-7","rel-opendkim-2-7-0","rel-opendkim-2-7-0-Beta0","rel-opendkim-2-7-0-Beta1","rel-opendkim-2-7-0-Beta2","rel-opendkim-2-7-0-Beta3","rel-opendkim-2-7-0-Beta4","rel-opendkim-2-7-0-Beta5","rel-opendkim-2-7-1","rel-opendkim-2-7-2","rel-opendkim-2-7-3","rel-opendkim-2-7-4","rel-opendkim-2-8-0","rel-opendkim-2-8-1","rel-opendkim-2-8-2","rel-opendkim-2-8-3","rel-opendkim-2-8-4","rel-opendkim-2-8-4-Beta0","rel-opendkim-2-8-4-Beta1","rel-opendkim-2-8-4-Beta2","rel-opendkim-2-9-0","rel-opendkim-2-9-0-Beta0","rel-opendkim-2-9-0-Beta1","rel-opendkim-2-9-0-Beta2","rel-opendkim-2-9-1","rel-opendkim-2-9-1-Beta0","rel-opendkim-2-9-1-Beta1","rel-opendkim-2-9-1-Beta2","rel-opendkim-2-9-1-Beta3","rel-opendkim-2-9-1-Beta4","rel-opendkim-2-9-2","rel-opendkim-2-9-2-Beta0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48521.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}