GHSA-g5gj-9ggf-9vmq

Опубликовано: 10 нояб. 2021

Источник: github

Github: Прошло ревью

CVSS3: 5.9

Описание

Infinite certificate chain depth results in OctoRPKI running forever

OctoRPKI (github.com/cloudflare/cfrpki/cmd/octorpki) does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.

For more information

If you have any questions or comments about this advisory email us at security@cloudflare.com

Ссылки

Пакеты

Наименование

github.com/cloudflare/cfrpki

Затронутые версииВерсия исправления

< 1.4.0

1.4.0

EPSS

Процентиль: 52%

0.00286

Низкий

5.9 Medium

CVSS3

CVE ID

CVE-2021-3908

Дефекты

CWE-400

CWE-835

Связанные уязвимости

CVE-2021-3908

CVSS3: 5.9

ubuntu

около 4 лет назад

OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.

CVE-2021-3908

CVSS3: 5.9

nvd

около 4 лет назад

OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.

CVE-2021-3908

CVSS3: 5.9

debian

около 4 лет назад

OctoRPKI does not limit the depth of a certificate chain, allowing for ...

EPSS

Процентиль: 52%

0.00286

Низкий

5.9 Medium

CVSS3

CVE ID

CVE-2021-3908

Дефекты

CWE-400

CWE-835