CVE-2022-3616

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-3616

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3616.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-3616

Aliases

Downstream

DEBIAN-CVE-2022-3616

UBUNTU-CVE-2022-3616

Related

GHSA-pmw9-567p-68pc

Published

2022-10-28T07:15:16Z

Modified

2025-10-16T05:30:31.917705Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability.

References

https://github.com/cloudflare/cfrpki/security/advisories/GHSA-pmw9-567p-68pc

Affected packages

Git / github.com/cloudflare/cfrpki

Affected ranges

Type: GIT
Repo: https://github.com/cloudflare/cfrpki
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5f64bcd13477b29cd7ddff6fff3c65dfac3423ca

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

v1.*

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.1.4

v1.2.0

v1.2.0-pre

v1.2.1

v1.2.2

v1.3.0

v1.4.0

v1.4.1

v1.4.2

v1.4.3