Published: 11 Nov 2021
Source: ubuntu
Priority: medium
EPSS: Low
CVSS2: 4.3
CVSS3: 4.2
Description
OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash).
| Release | Status | Note |
|---|---|---|
| devel | DNE | |
| esm-apps/jammy | not-affected | 1.4.2-1 |
| hirsute | ignored | end of life |
| impish | ignored | end of life |
| jammy | not-affected | 1.4.2-1 |
| kinetic | ignored | end of life, was needs-triage |
| lunar | ignored | end of life, was needs-triage |
| mantic | ignored | end of life, was needs-triage |
| noble | DNE | |
| trusty | ignored | end of standard support |
EPSS: 0.00552 (percentile: 67%), Low
CVSS2: 4.3 Medium
CVSS3: 4.2 Medium
Related vulnerabilities
CVSS3: 4.2
nvd
about 4 years ago
OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash).
CVSS3: 4.2
debian
about 4 years ago
OctoRPKI tries to load the entire contents of a repository in memory, ...
CVSS3: 4.2
github
about 4 years ago
OctoRPKI crashes when processing GZIP bomb returned via malicious repository