CVE-2022-3616
MEDIUM
Cloudflare OctoRPKI < 1.4.4 - Improper Condition Check
Title source: ruleDescription
Attackers can create long chains of CAs that lead to OctoRPKI exceeding its max iterations parameter. As a consequence, the program crashes, which prevents it from finishing the validation and leads to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability.
Scores
CVSS v3
5.4
EPSS
0.0007
EPSS Percentile
22.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-754
CWE-834
Status
published
Products (2)
cloudflare/cfrpki
0 - 1.4.4
Go
cloudflare/octorpki
< 1.4.4
Published
Oct 28, 2022
Tracked Since
Feb 18, 2026