data/reports: add alias for GO-2022-0979.yaml

Aliases: CVE-2022-3346, GHSA-87mm-qxm5-cp3f

Updates golang/vulndb#979
Fixes golang/vulndb#1273

Change-Id: Ia84913135828239a8fd2417d0fbf34b05ff58143
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/461475
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
This commit is contained in:
Tatiana Bradley 2023-01-10 16:58:11 -05:00 коммит произвёл Tatiana Bradley
Родитель f63fe31a0f
Коммит fc8bccf551
2 изменённых файлов: 4 добавлений и 1 удалений

Просмотреть файл

@ -3,7 +3,8 @@
"published": "0001-01-01T00:00:00Z", "published": "0001-01-01T00:00:00Z",
"modified": "0001-01-01T00:00:00Z", "modified": "0001-01-01T00:00:00Z",
"aliases": [ "aliases": [
"CVE-2022-3346" "CVE-2022-3346",
"GHSA-87mm-qxm5-cp3f"
], ],
"details": "DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records.\n\nThe owner name of RRSIG RRs is not validated, permitting an attacker to present the RRSIG for an attacker-controlled domain in a response for any other domain.", "details": "DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records.\n\nThe owner name of RRSIG RRs is not validated, permitting an attacker to present the RRSIG for an attacker-controlled domain in a response for any other domain.",
"affected": [ "affected": [

Просмотреть файл

@ -11,6 +11,8 @@ description: |
The owner name of RRSIG RRs is not validated, permitting an attacker The owner name of RRSIG RRs is not validated, permitting an attacker
to present the RRSIG for an attacker-controlled domain in a response to present the RRSIG for an attacker-controlled domain in a response
for any other domain. for any other domain.
ghsas:
- GHSA-87mm-qxm5-cp3f
references: references:
- report: https://github.com/peterzen/goresolver/issues/5 - report: https://github.com/peterzen/goresolver/issues/5
cve_metadata: cve_metadata: