CVE-2022-3616

Summary

Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability.

Affected Software

VendorProductVersion RangeStatus
CloudflareOctoRPKI0 < <1.4.4affected

Weaknesses

  • CWE-754: CWE-754 Improper Check for Unusual or Exceptional Conditions
  • CWE-834: CWE-834 Excessive Iteration

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References