Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wbXc5LTU2N3AtNjhwY84AAvmZ
OctoRPKI crashes when max iterations is reached
Impact
Attackers can create long chains of CAs that cause OctoRPKI to exceed its max iterations parameter, which crashes the program before validation finishes and thus results in a denial of service.
Patches
This issue is fixed in v1.4.4.
Workarounds
None.
Permalink: https://github.com/advisories/GHSA-pmw9-567p-68pc
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wbXc5LTU2N3AtNjhwY84AAvmZ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 11 months ago
Updated: 6 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-pmw9-567p-68pc, CVE-2022-3616
References:
- https://github.com/cloudflare/cfrpki/security/advisories/GHSA-pmw9-567p-68pc
- https://nvd.nist.gov/vuln/detail/CVE-2022-3616
- https://github.com/cloudflare/cfrpki/commit/5f64bcd13477b29cd7ddff6fff3c65dfac3423ca
- https://github.com/advisories/GHSA-pmw9-567p-68pc
Affected Packages
go:github.com/cloudflare/cfrpki/cmd/octorpki
Versions: <= 1.4.3
Fixed in: 1.4.4