OctoRPKI crash when maximum iterations number is reached
CVE-2022-3616
5.4 MEDIUM
What is CVE-2022-3616?
Attackers can create long chains of CAs that cause OctoRPKI to exceed its max iterations parameter. When that limit is reached, the program crashes, which prevents it from finishing validation and results in a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability.
Affected Version(s)
OctoRPKI Go 0
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Donika Mirdita - Fraunhofer SIT, ATHENE
Haya Shulman - Fraunhofer SIT, ATHENE