Security Advisory

CVE-2022-3346

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-12-27 21:17:48

Last updated 2025-04-14 17:06:12

Assigner Go

State PUBLISHED

Description

DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. The owner name of RRSIG RRs is not validated, permitting an attacker to present the RRSIG for an attacker-controlled domain in a response for any other domain.

← Browse all CVEs View on cve.org ↗