CPE-8CAA3AEE-6BB9-4BDA-8575-7ABACBC77F4E Detail

CPE Details

Cloudflare OctoRPKI 1.1.2

Vendor

cloudflare

Product

octorpki

Version

1.1.2

Created

2021-11-16
12h15 +00:00

Modified

2021-11-16
14h01 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:cloudflare:octorpki:1.1.2:::::::*

Informations

Vendor

cloudflare

Product

octorpki

Version

1.1.2

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2022-3616	2022-10-28 06h24 +00:00	Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability.	7.5	High
CVE-2021-3912	2021-11-11 21h45 +00:00	OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash).	6.5	Medium
CVE-2021-3911	2021-11-11 21h45 +00:00	If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash.	6.5	Medium
CVE-2021-3910	2021-11-11 21h45 +00:00	OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character).	7.5	High
CVE-2021-3909	2021-11-11 21h45 +00:00	OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip feeding new bytes to keep the connection alive.	7.5	High
CVE-2021-3908	2021-11-11 21h45 +00:00	OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.	7.5	High
CVE-2021-3907	2021-11-11 21h45 +00:00	OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on.	9.8	Critical
CVE-2021-3761	2021-09-09 14h05 +00:00	Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network (for example AS 13335 - Cloudflare) prior to launching a BGP hijack which during normal operations would be rejected as "RPKI invalid". Additionally, in certain deployments RTR session flapping in and of itself also could cause BGP routing churn, causing availability issues.	7.5	High

Cloudflare OctoRPKI 1.1.2

CPE Details

CPE Name: cpe:2.3:a:cloudflare:octorpki:1.1.2:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:cloudflare:octorpki:1.1.2:::::::*