What is the severity of CVE-2022-3347?

CVE-2022-3347 has a medium severity rating due to its potential to allow attackers to manipulate DNSSEC validation.

How do I fix CVE-2022-3347?

To fix CVE-2022-3347, update the goresolver package to version 1.0.3 or later where the vulnerability has been addressed.

What impact does CVE-2022-3347 have on affected systems?

CVE-2022-3347 can allow attackers to present false validation responses, compromising the integrity of DNS queries.

Which software is affected by CVE-2022-3347?

CVE-2022-3347 affects versions of the goresolver package up to and including version 1.0.2.

Is CVE-2022-3347 a known issue?

Yes, CVE-2022-3347 is a recognized vulnerability documented in security advisories and issue trackers.

Vulnerability/
CVE-2022-3347

high

7.7

CWE

345 347

27/12/2022

28/12/2022

3/8/2024

CVE-2022-3347: Incorrect validation of root DNSSEC public keys in github.com/peterzen/goresolver

First published: Tue Dec 27 2022(Updated: )

DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain.

Credit: security@golang.org

Affected Software	Affected Version	How to fix
go/github.com/peterzen/goresolver	<=1.0.2
Go-resolver

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-3347?
CVE-2022-3347 has a medium severity rating due to its potential to allow attackers to manipulate DNSSEC validation.
How do I fix CVE-2022-3347?
To fix CVE-2022-3347, update the goresolver package to version 1.0.3 or later where the vulnerability has been addressed.
What impact does CVE-2022-3347 have on affected systems?
CVE-2022-3347 can allow attackers to present false validation responses, compromising the integrity of DNS queries.
Which software is affected by CVE-2022-3347?
CVE-2022-3347 affects versions of the goresolver package up to and including version 1.0.2.
Is CVE-2022-3347 a known issue?
Yes, CVE-2022-3347 is a recognized vulnerability documented in security advisories and issue trackers.

agent/type
agent/first-publish-date
collector/github-advisory-latest
source/GitHub
alias/GHSA-jr65-gpj5-cw74
alias/CVE-2022-3347
agent/software-canonical-lookup
agent/references
agent/weakness
agent/title
agent/author
agent/severity
agent/description
agent/softwarecombine
agent/event
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/source
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/go
vendor/go-resolver project
canonical/go-resolver

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2022-3347?
CVE-2022-3347 has a medium severity rating due to its potential to allow attackers to manipulate DNSSEC validation.
How do I fix CVE-2022-3347?
To fix CVE-2022-3347, update the goresolver package to version 1.0.3 or later where the vulnerability has been addressed.
What impact does CVE-2022-3347 have on affected systems?
CVE-2022-3347 can allow attackers to present false validation responses, compromising the integrity of DNS queries.
Which software is affected by CVE-2022-3347?
CVE-2022-3347 affects versions of the goresolver package up to and including version 1.0.2.
Is CVE-2022-3347 a known issue?
Yes, CVE-2022-3347 is a recognized vulnerability documented in security advisories and issue trackers.