Lucene search
GoogleOSV:GHSA-G9WH-3VRX-R7HGHistoryNov 10, 2021 - 8:39 p.m.
OctoRPKI crashes when processing GZIP bomb returned via malicious repository
2021-11-1020:39:23
Google
osv.dev
8
0.001 Low
EPSS
Percentile
30.8%
OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash).
Patches
For more information
If you have any questions or comments about this advisory email us at [email protected]
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/cloudflare/cfrpki | lt | 1.4.0 |
Related
debiancve
debiancve
CVE-2021-3912
2021-11-11 22:15:08
veracode
veracode
Denial Of Service (DoS)
2021-11-11 05:24:47
nvd
nvd
CVE-2021-3912
2021-11-11 22:15:08
osv
osv
CVE-2021-3912
2021-11-11 22:15:08
Resource exhaustion via GZIP bomb in github.com/cloudflare/cfrpki
2022-07-15 23:07:48
cfrpki - security update
2022-01-11 00:00:00
cve
cve
CVE-2021-3912
2021-11-11 22:15:08
github
github
OctoRPKI crashes when processing GZIP bomb returned via malicious repository
2021-11-10 20:39:23
prion
prion
Buffer overflow
2021-11-11 22:15:00
cvelist
cvelist
ubuntucve
ubuntucve
CVE-2021-3912
2021-11-11 00:00:00
debian
debian
[SECURITY] [DSA 5041-1] cfrpki security update
2022-01-11 21:54:05
nessus
nessus
Debian DSA-5041-1 : cfrpki - security update
2022-01-12 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5041-1)
2022-01-12 00:00:00