An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely on Authentication-Results from OpenDKIM will treat the message as having a valid DKIM signature when in fact it has none.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48521.json",
"cna_assigner": "mitre"
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2.10.3"
},
{
"introduced": "2.11.x"
},
{
"fixed": "2.11.0-Beta2"
}
],
"source": "DESCRIPTION"
}