New CWE for DNS domain normalization/canonicalization with trailing dot

So we have:

https://cwe.mitre.org/data/definitions/20.html
https://cwe.mitre.org/data/definitions/180.html

which are both, broadly speaking, catch-all buckets too broad to be of much help. I would like to propose a CWE for "Failure to properly handle DNS names with or without a trailing dot", e.g.:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0832
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4963

and Sweden accidentally broke DNS for .se back in 2009 with a dot:

https://www.computerworld.com/article/2529045/missing-dot-drops-sweden-off-the-internet.html

And various projects having issues with this spanning many years:

https://bugs.python.org/issue31997
https://github.com/openssl/openssl/issues/11560

--
Kurt Seifried (He/Him)
k...@seifried.org
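
Added example, not part of the original message or of any project it links to: a Python sketch of the weakness class the message names, where a check keyed on exact strings treats "example.com." and "example.com" as different names. The host names, POLICY_HOSTS and the function names are assumptions made for illustration.

```python
# Added illustration: every host name below is a constructed sample value.
POLICY_HOSTS = {"example.com", "internal.example"}  # names a policy is keyed on


def canonicalize(host: str) -> str:
    """Return the single spelling used for comparison, or raise ValueError.

    Folds ASCII case and drops one trailing dot (the absolute form of the
    same name). Malformed input is rejected, not repaired.
    """
    if not host.isascii():
        raise ValueError("convert IDNs to A-labels before comparing")
    name = host.lower()
    if name.endswith("."):
        name = name[:-1]  # "example.com." -> "example.com"
    if not name or len(name) > 253:
        raise ValueError(f"empty or over-long name: {host!r}")
    for label in name.split("."):
        if not label or len(label) > 63:
            raise ValueError(f"bad label in {host!r}")
    return name


def naive_match(host: str) -> bool:
    """String equality only: the trailing-dot form never matches."""
    return host in POLICY_HOSTS


def canonical_match(host: str) -> bool:
    """Compare canonical forms. Malformed names match nothing here;
    a real caller should refuse them outright."""
    try:
        return canonicalize(host) in POLICY_HOSTS
    except ValueError:
        return False


def disagreements(hosts):
    """Inputs on which the two checks give different answers."""
    return [h for h in hosts if naive_match(h) != canonical_match(h)]


if __name__ == "__main__":
    samples = ["example.com", "example.com.", "EXAMPLE.com",
               "internal.example.", "example.com..", ".", "other.example."]
    for h in samples:
        print(f"{h!r:22} naive={naive_match(h)!s:5} canonical={canonical_match(h)}")
    print("disagree:", disagreements(samples))
```

Whichever way the policy is used (allow, deny, pin, cache key), both the stored names and the incoming name have to pass through the same canonicalization before they are compared.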