Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cloudflare
Published: 2022-10-28T06:24:44.189Z
Updated: 2024-08-03T01:14:03.299Z
Reserved: 2022-10-20T11:13:34.797Z
Link: CVE-2022-3616
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-10-28T07:15:16.557
Modified: 2024-11-21T07:19:53.173
Link: CVE-2022-3616
Redhat
No data.