{"id":"GO-2022-1026","summary":"Incorrect validation of root DNSSEC public keys in github.com/peterzen/goresolver","details":"DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records.\n\nRoot DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain.","aliases":["CVE-2022-3347","GHSA-jr65-gpj5-cw74"],"modified":"2024-05-20T16:03:47Z","published":"2022-09-29T17:25:07Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-1026","review_status":"REVIEWED"},"references":[{"type":"REPORT","url":"https://github.com/peterzen/goresolver/issues/5#issuecomment-1150214257"}],"affected":[{"package":{"name":"github.com/peterzen/goresolver","ecosystem":"Go","purl":"pkg:golang/github.com/peterzen/goresolver"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/peterzen/goresolver"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2022-1026.json"}}],"schema_version":"1.7.3"}