CVE-2022-3616: OctoRPKI crashes when max iterations is reached

Attackers can create long chains of CAs that cause OctoRPKI to exceed its max iterations parameter. As a consequence, the program crashes, which prevents it from finishing validation and leads to a denial of service.

Package

gomod github.com/cloudflare/cfrpki/cmd/octorpki (Go)

Affected versions

<= 1.4.3

Description

Impact

Attackers can create long chains of CAs that cause OctoRPKI to exceed its max iterations parameter. The program then crashes without finishing validation, resulting in a denial of service.
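The failure mode above, as an added Go sketch that is neither OctoRPKI's code nor the v1.4.4 patch: a traversal with an iteration budget that reports exhaustion as an error and keeps its partial result, so the caller can decide what to do instead of the process dying. The names `CA`, `Walk`, `Chain` and `ErrMaxIterations`, the one-level-per-iteration model and the limit of 32 are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// CA is a hypothetical, simplified CA node (not an OctoRPKI type).
type CA struct {
	Name     string
	Children []*CA
}

// ErrMaxIterations signals that the budget ran out before the tree was fully explored.
var ErrMaxIterations = errors.New("max iterations reached")

// Walk explores one delegation level per iteration and reports budget exhaustion as an error.
func Walk(root *CA, maxIterations int) ([]string, error) {
	var done []string
	level := []*CA{root}
	for i := 0; len(level) > 0; i++ {
		if i >= maxIterations {
			return done, fmt.Errorf("%w: %d CAs pending at this level", ErrMaxIterations, len(level))
		}
		var next []*CA
		for _, ca := range level {
			done = append(done, ca.Name)
			next = append(next, ca.Children...)
		}
		level = next
	}
	return done, nil
}

// Chain builds a constructed linear chain of n CAs as sample input.
func Chain(n int) *CA {
	root := &CA{Name: "ca-0"}
	cur := root
	for i := 1; i < n; i++ {
		child := &CA{Name: fmt.Sprintf("ca-%d", i)}
		cur.Children = []*CA{child}
		cur = child
	}
	return root
}

func main() {
	fmt.Println(Walk(Chain(100), 32))
}
```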

Patches

This issue is fixed in v1.4.4.

Workarounds

None.
