{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-01T16:31:44.052","vulnerabilities":[{"cve":{"id":"CVE-2022-3347","sourceIdentifier":"security@golang.org","published":"2022-12-28T03:15:10.193","lastModified":"2026-06-17T04:59:21.137","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain."},{"lang":"es","value":"La validación de DNSSEC no se realiza correctamente. Un atacante puede hacer que este paquete informe una validación exitosa de registros no válidos controlados por el atacante. Las claves públicas DNSSEC raíz no se validan, lo que permite a un atacante presentar una clave root autofirmada y una cadena de delegación."}],"affected":[{"source":"security@golang.org","affectedData":[{"vendor":"github.com/peterzen/goresolver","product":"github.com/peterzen/goresolver","defaultStatus":"affected","collectionURL":"https://pkg.go.dev","packageName":"github.com/peterzen/goresolver"}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-04-14T17:08:24.435403Z","id":"CVE-2022-3347","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-345"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:go-resolver_project:go-resolver:-:*:*:*:*:go:*:*","matchCriteriaId":"13326050-272D-4B2E-9469-839B63614913"}]}]}],"references":[{"url":"https://github.com/peterzen/goresolver/issues/5#issuecomment-1150214257","source":"security@golang.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://pkg.go.dev/vuln/GO-2022-1026","source":"security@golang.org","tags":["Vendor Advisory"]},{"url":"https://github.com/peterzen/goresolver/issues/5#issuecomment-1150214257","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://pkg.go.dev/vuln/GO-2022-1026","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}