Описание
DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain.
Ссылки
- Issue TrackingThird Party Advisory
- Vendor Advisory
- Issue TrackingThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:go-resolver_project:go-resolver:-:*:*:*:*:go:*:*
EPSS
Процентиль: 27%
0.00098
Низкий
7.5 High
CVSS3
Дефекты
CWE-345
Связанные уязвимости
CVSS3: 7.7
github
около 3 лет назад
go-resolver's DNSSEC validation not performed correctly
EPSS
Процентиль: 27%
0.00098
Низкий
7.5 High
CVSS3
Дефекты
CWE-345