Headline
CVE-2022-3616: OctoRPKI crashes when max iterations is reached
Attackers can create long chains of CAs that cause OctoRPKI to exceed its max iterations parameter. As a result, the program crashes, which prevents it from finishing the validation and leads to a denial of service.
Package
gomod github.com/cloudflare/cfrpki/cmd/octorpki (Go)
Affected versions
<= 1.4.3
Description
Impact
Attackers can create long chains of CAs that cause OctoRPKI to exceed its max iterations parameter. The program then crashes without finishing the validation, resulting in a denial of service.
Patches
This issue is fixed in v1.4.4.
Workarounds
None.