CVE-2022-3616
MEDIUMcloudflare/octorpki < 1.4.4 - Denial of Service via CA Chain Length Exceeding Max Iterations
Title source: llmDescription
Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability.
References (1)
Core 1
Core References
Third Party Advisory
https://github.com/cloudflare/cfrpki/security/advisories/GHSA-pmw9-567p-68pc
Scores
CVSS v3
5.4
EPSS
0.0040
EPSS Percentile
31.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-754
CWE-834
Status
published
Products (2)
cloudflare/cfrpki
0 - 1.4.4Go
cloudflare/octorpki
< 1.4.4
Published
Oct 28, 2022
Tracked Since
Feb 18, 2026