NUL character in ROA causes OctoRPKI to crash
CVE-2021-3910

4.4MEDIUM

Key Information:

What is CVE-2021-3910?

OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character).

octorpki < 1.4.0

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Koen van Hove