CVE-2022-3616

Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cloudflare:octorpki:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:19

Type Values Removed Values Added
References () https://github.com/cloudflare/cfrpki/security/advisories/GHSA-pmw9-567p-68pc - Third Party Advisory () https://github.com/cloudflare/cfrpki/security/advisories/GHSA-pmw9-567p-68pc - Third Party Advisory
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 5.4

29 Mar 2023, 09:15

Type Values Removed Values Added
Summary Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability.

31 Oct 2022, 16:58

Type Values Removed Values Added
References (MISC) https://github.com/cloudflare/cfrpki/security/advisories/GHSA-pmw9-567p-68pc - (MISC) https://github.com/cloudflare/cfrpki/security/advisories/GHSA-pmw9-567p-68pc - Third Party Advisory
CWE CWE-834
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:cloudflare:octorpki:*:*:*:*:*:*:*:*

28 Oct 2022, 08:24

Type Values Removed Values Added
New CVE

Information

Published : 2022-10-28 07:15

Updated : 2024-11-21 07:19


NVD link : CVE-2022-3616

Mitre link : CVE-2022-3616

CVE.ORG link : CVE-2022-3616


JSON object : View

Products Affected

cloudflare

  • octorpki
CWE
CWE-754

Improper Check for Unusual or Exceptional Conditions

CWE-834

Excessive Iteration