CVE-2022-3616

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-3616

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3616.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-3616

Aliases

Related

UBUNTU-CVE-2022-3616

Published

2022-10-28T07:15:16Z

Modified

2024-10-12T09:58:17.552264Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability.

References

Affected packages

Debian:11 / cfrpki

Package

Name: cfrpki
Purl: pkg:deb/debian/cfrpki?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.2-1

1.3.0-1

1.4.0-1

1.4.2-1~deb11u1

1.4.2-1

1.4.3-1

1.4.4-1

1.5.1-1

1.5.4-1

1.5.5-1

1.5.10-1

1.5.10-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / cfrpki

Package

Name: cfrpki
Purl: pkg:deb/debian/cfrpki?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/cloudflare/cfrpki

Affected ranges

Type: GIT
Repo: https://github.com/cloudflare/cfrpki
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5f64bcd13477b29cd7ddff6fff3c65dfac3423ca

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

v1.*

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.1.4

v1.2.0

v1.2.0-pre

v1.2.1

v1.2.2

v1.3.0

v1.4.0

v1.4.1

v1.4.2

v1.4.3