Rixtoxo

**Name of the Vulnerable Software and Affected Versions** go-resolver (affected versions not specified) **Description** The issue is related to incorrect DNSSEC validation. An attacker can cause the package to report successful validation for invalid, attacker-controlled records. The owner name of RRSIG RRs is not validated, allowing an attacker to present the RRSIG for an attacker-controlled domain in a response for any other domain. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** go-resolver (affected versions not specified) **Description** The issue is related to incorrect DNSSEC validation. An attacker can cause the package to report successful validation for invalid, attacker-controlled records. Specifically, root DNSSEC public keys are not validated, allowing an attacker to present a self-signed root key and delegation chain. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.