Skip to main content

Insufficient Verification of Data Authenticity


Severity Medium
Score 6.5/10


DNSSEC validation is not performed correctly in An attacker can cause this package to report successful validation for invalid, attacker-controlled records. The owner name of RRSIG RRs is not validated, permitting an attacker to present the RRSIG for an attacker-controlled domain in a response for any other domain. This has the same fix as CVE-2022-3347.

  • LOW
  • HIGH
  • NONE
  • NONE
  • NONE

CWE-345 - Insufficient Verification of Data Authenticity

The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Advisory Timeline

  • Published