Описание
OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash).
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.3.0 (исключая)
cpe:2.3:a:cloudflare:octorpki:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00552
Низкий
4.2 Medium
CVSS3
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-400
CWE-770
Связанные уязвимости
CVSS3: 4.2
ubuntu
около 4 лет назад
OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash).
CVSS3: 4.2
debian
около 4 лет назад
OctoRPKI tries to load the entire contents of a repository in memory, ...
CVSS3: 4.2
github
около 4 лет назад
OctoRPKI crashes when processing GZIP bomb returned via malicious repository
EPSS
Процентиль: 67%
0.00552
Низкий
4.2 Medium
CVSS3
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-400
CWE-770