CVE-2021-3908

Summary

OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.

Affected Software

VendorProductVersion RangeStatus
Cloudflareoctorpkiunspecified < 1.4.0affected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

References