CVE-2021-3761 — Out-of-bounds Write in Octorpki

CWE-787 — Out-of-bounds Write CWE-295 — Improper Certificate Validation8 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 36.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudflare Octorpki Github.com Cloudflare Cfrpki Debian Linux

Timeline

PublishedSep 9

Latest updateJul 15

Description

Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network (for example AS 13335 - Cloudflare) prior to launching a BGP hijack which during normal operations would be rejected as "RPKI invalid". Additionally, in certain deployments RTR session flapping in and of itself also could cause BGP routing churn, causing availability issues.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5cloudflare/octorpkiunspecified — 1.3.0

▶NVDcloudflare/octorpki< 1.3.0

▶Gogithub.com/cloudflare_cfrpki< 1.3.0

Also affects: Debian Linux 11.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

Insufficient validation in github.com/cloudflare/cfrpki↗2022-07-15

▶

OSV

CVE-2021-3761: Any CA issuer in the RPKI can trick OctoRPKI prior to 1↗2021-09-09

▶

CVEList

OctoRPKI lacks contextual out-of-bounds check when validating RPKI ROA maxLength values↗2021-09-09

▶

GHSA

OctoRPKI lacks contextual out-of-bounds check when validating RPKI ROA maxLength values↗2021-09-07

▶

OSV

OctoRPKI lacks contextual out-of-bounds check when validating RPKI ROA maxLength values↗2021-09-07

▶

📋Vendor Advisories

Debian

CVE-2021-3761: cfrpki - Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an inv...↗2021

▶

📄Research Papers

arXiv

Rpkiller: Threat Analysis from an RPKI Relying Party Perspective↗2022-03-02

▶