CVE-2021-3908 — Uncontrolled Resource Consumption in Octorpki

CWE-400 — Uncontrolled Resource Consumption CWE-835 — Infinite Loop7 documents5 sources

Severity

7.5HIGHNVD

CNA5.9

EPSS

0.3%

top 47.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudflare Octorpki Github.com Cloudflare Cfrpki Debian Linux

Timeline

PublishedNov 11

Latest updateAug 21

Description

OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5cloudflare/octorpkiunspecified — 1.4.0

▶NVDcloudflare/octorpki< 1.3.0

▶Gogithub.com/cloudflare_cfrpki< 1.4.0

Also affects: Debian Linux 11.0

🔴Vulnerability Details

OSV

Infinite certificate chain depth results in OctoRPKI running forever in github.com/cloudflare/cfrpki↗2024-08-21

▶

CVEList

Infinite certificate chain depth results in OctoRPKI running forever↗2021-11-11

▶

OSV

CVE-2021-3908: OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal nev↗2021-11-11

▶

OSV

Infinite certificate chain depth results in OctoRPKI running forever↗2021-11-10

▶

GHSA

Infinite certificate chain depth results in OctoRPKI running forever↗2021-11-10

▶

📋Vendor Advisories

Debian

CVE-2021-3908: cfrpki - OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to c...↗2021

▶