CVE-2022-48521

Source
https://cve.org/CVERecord?id=CVE-2022-48521
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48521.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-48521
Downstream
Published
2023-07-11T00:00:00Z
Modified
2026-07-08T06:04:21.052943504Z
Summary
[none]
Details

An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely on Authentication-Results from OpenDKIM will treat the message as having a valid DKIM signature when in fact it has none.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48521.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/trusteddomainproject/opendkim

Affected ranges

Type
GIT
Repo
https://github.com/trusteddomainproject/opendkim
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.10.3"
        },
        {
            "introduced": "2.11.x"
        },
        {
            "fixed": "2.11.0-Beta2"
        }
    ],
    "source": "DESCRIPTION"
}

Affected versions

2.*
2.11.0-beta0
2.11.0-beta1
2.11.0-beta2
Other
rel-opendkim-2-10-0
rel-opendkim-2-10-0-Beta0
rel-opendkim-2-10-0-Beta1
rel-opendkim-2-10-0-Beta2
rel-opendkim-2-10-1
rel-opendkim-2-10-2
rel-opendkim-2-10-3
rel-opendkim-2-11-0-Beta0
rel-opendkim-2-11-0-Beta1
rel-opendkim-2-2-2
rel-opendkim-2-3-1
rel-opendkim-2-3-2
rel-opendkim-2-4-0
rel-opendkim-2-4-1
rel-opendkim-2-4-2
rel-opendkim-2-4-3
rel-opendkim-2-5-0
rel-opendkim-2-5-0-1
rel-opendkim-2-5-1
rel-opendkim-2-5-2
rel-opendkim-2-6-0
rel-opendkim-2-6-1
rel-opendkim-2-6-2
rel-opendkim-2-6-3
rel-opendkim-2-6-4
rel-opendkim-2-6-5
rel-opendkim-2-6-6
rel-opendkim-2-6-7
rel-opendkim-2-7-0
rel-opendkim-2-7-0-Beta0
rel-opendkim-2-7-0-Beta1
rel-opendkim-2-7-0-Beta2
rel-opendkim-2-7-0-Beta3
rel-opendkim-2-7-0-Beta4
rel-opendkim-2-7-0-Beta5
rel-opendkim-2-7-1
rel-opendkim-2-7-2
rel-opendkim-2-7-3
rel-opendkim-2-7-4
rel-opendkim-2-8-0
rel-opendkim-2-8-1
rel-opendkim-2-8-2
rel-opendkim-2-8-3
rel-opendkim-2-8-4
rel-opendkim-2-8-4-Beta0
rel-opendkim-2-8-4-Beta1
rel-opendkim-2-8-4-Beta2
rel-opendkim-2-9-0
rel-opendkim-2-9-0-Beta0
rel-opendkim-2-9-0-Beta1
rel-opendkim-2-9-0-Beta2
rel-opendkim-2-9-1
rel-opendkim-2-9-1-Beta0
rel-opendkim-2-9-1-Beta1
rel-opendkim-2-9-1-Beta2
rel-opendkim-2-9-1-Beta3
rel-opendkim-2-9-1-Beta4
rel-opendkim-2-9-2
rel-opendkim-2-9-2-Beta0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48521.json"