GHSA-w6ww-fmfx-2x22
Suggest an improvement- Source
- https://github.com/advisories/GHSA-w6ww-fmfx-2x22
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-w6ww-fmfx-2x22/GHSA-w6ww-fmfx-2x22.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-w6ww-fmfx-2x22
- Aliases
- Published
- 2021-11-10T19:56:04Z
- Modified
- 2023-11-01T04:56:02.063446Z
- Severity
-
- 4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Misconfigured IP address field in ROA leads to OctoRPKI crash
- Details
-
If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash.
Patches
For more information
If you have any questions or comments about this advisory email us at security@cloudflare.com
- Database specific
{ "nvd_published_at": "2021-11-11T22:15:00Z", "github_reviewed_at": "2021-11-10T18:14:59Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-20", "CWE-252" ] }- References
-
- https://github.com/cloudflare/cfrpki/security/advisories/GHSA-w6ww-fmfx-2x22
- https://nvd.nist.gov/vuln/detail/CVE-2021-3911
- https://github.com/cloudflare/cfrpki/commit/2882307febd66801de97b2a2ce4d93fe58132005
- https://github.com/cloudflare/cfrpki
- https://pkg.go.dev/vuln/GO-2022-0252
- https://www.debian.org/security/2022/dsa-5041
Affected packages
Go / github.com/cloudflare/cfrpki
Package
- Name
- github.com/cloudflare/cfrpki
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/cloudflare/cfrpki