Описание
OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| cfrpki | fixed | 1.4.0-1 | package | |
| routinator | itp | package |
Примечания
https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq
EPSS
Процентиль: 52%
0.00286
Низкий
Связанные уязвимости
CVSS3: 5.9
ubuntu
около 4 лет назад
OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.
CVSS3: 5.9
nvd
около 4 лет назад
OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.
CVSS3: 5.9
github
около 4 лет назад
Infinite certificate chain depth results in OctoRPKI running forever
EPSS
Процентиль: 52%
0.00286
Низкий