CVE-2021-3908

Опубликовано: 11 нояб. 2021

Источник: nvd

CVSS3: 5.9

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.

Ссылки

https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq
Third Party Advisory
https://www.debian.org/security/2022/dsa-5041
Third Party Advisory
https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq
Third Party Advisory
https://www.debian.org/security/2022/dsa-5041
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cloudflare:octorpki:*:*:*:*:*:*:*:*

Версия до 1.3.0 (исключая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00286

Низкий

5.9 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

CWE-835

Связанные уязвимости

CVE-2021-3908

CVSS3: 5.9

ubuntu

около 4 лет назад

OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.

CVE-2021-3908

CVSS3: 5.9

debian

около 4 лет назад

OctoRPKI does not limit the depth of a certificate chain, allowing for ...

GHSA-g5gj-9ggf-9vmq

CVSS3: 5.9

github

около 4 лет назад

Infinite certificate chain depth results in OctoRPKI running forever

EPSS

Процентиль: 52%

0.00286

Низкий

5.9 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

CWE-835