CVE-2022-3616
Last modified
CVE-2022-3616 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. EPSS estimates a 0.40% chance of exploitation in the next 30 days.
Description
Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cloudflare | Octorpki | < 1.4.4 |
References
- https://github.com/cloudflare/cfrpki/security/advisories/GHSA-pmw9-567p-68pcThird Party Advisory
- https://github.com/cloudflare/cfrpki/security/advisories/GHSA-pmw9-567p-68pcThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-3616?
How severe is CVE-2022-3616?
How do I fix CVE-2022-3616?
Are you affected by CVE-2022-3616?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST