CVE-2022-3616

High

Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause…

cloudflare·CWE-754·Published 2022-10-28

CVSS

7.5

EPSS

0.00

KEV

Exploits

cve.orgen

358 chars

Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability.

NVDen

358 chars

GHSAen

510 chars

### Impact Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability. ### Specific Go Packages Affected github.com/cloudflare/cfrpki/cmd/octorpki ### Patches This issue is fixed in v1.4.4 ### Workarounds None.

NVDes

372 chars

Los atacantes pueden crear largas cadenas de CA que llevarían a OctoRPKI a exceder su parámetro máximo de iterations. En consecuencia provocaría que el programa colapsara, impidiendo que finalice la validación y provocando una Denegación de Servicio. Créditos a Donika Mirdita y Haya Shulman - Fraunhofer SIT, ATHENE, quienes descubrieron e informaron esta vulnerabilidad.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Primary	cve.org	5.4	—	—	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H
3.1	Secondary	NVD	5.4	1.2	4.2	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H
3.1	Secondary	GHSA	5.4	—	—	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H