BIND DNSSEC RRSIG Owner Name Validation Bypass
CVE-2022-3346 Published on December 28, 2022
Incorrect DNSSEC validation due to unchecked owner names in github.com/peterzen/goresolver
DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. The owner name of RRSIG RRs is not validated, permitting an attacker to present the RRSIG for an attacker-controlled domain in a response for any other domain.
Vulnerability Analysis
CVE-2022-3346 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Products Associated with CVE-2022-3346
stack.watch emails you whenever new vulnerabilities are published in Go Resolverproject Go Resolver or ISC BIND. Just hit a watch button to start following.
Affected Versions
github.com/peterzen/goresolver:Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.