CVE-2022-3616: Improper Check for Unusual or Exceptional Conditions in Octorpki

Severity
NVD: 7.5 HIGH
CNA: 5.4
EPSS: 0.1% (top 78.53%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 28
Latest update: Aug 21

Description

Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

CVEList V5: cloudflare/octorpki < 1.4.4
NVD: cloudflare/octorpki < 1.4.4

Vulnerability Details (5)

OSV: OctoRPKI crashes when max iterations is reached in github.com/cloudflare/cfrpki (2024-08-21)
GHSA: OctoRPKI crashes when max iterations is reached (2022-10-31)
OSV: OctoRPKI crashes when max iterations is reached (2022-10-31)
OSV: CVE-2022-3616: Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter (2022-10-28)
CVEList: OctoRPKI crash when maximum iterations number is reached (2022-10-28)

Vendor Advisories (1)

Debian: CVE-2022-3616: cfrpki - Attackers can create long chains of CAs that would lead to OctoRPKI exceeding it... (2022)

Research Papers (1)

arXiv: The CURE To Vulnerabilities in RPKI Validation (2023-12-04)
CVE-2022-3616 — Cloudflare Octorpki vulnerability | cvebase