8 matches found
CVE-2021-3761
Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network for example AS 13335 - Cloudflare prior to launching a BGP hijack which...
CVE-2021-3761
Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network for example AS 13335 - Cloudflare prior to launching a BGP hijack which...
CVE-2021-3761
Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network for example AS 13335 - Cloudflare prior to launching a BGP hijack which...
Input validation
Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network for example AS 13335 - Cloudflare prior to launching a BGP hijack which...
CVE-2021-3761 OctoRPKI lacks contextual out-of-bounds check when validating RPKI ROA maxLength values
Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network for example AS 13335 - Cloudflare prior to launching a BGP hijack which...
CVE-2021-3761
Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network for example AS 13335 - Cloudflare prior to launching a BGP hijack which...
CVE-2021-3761
CVE-2021-3761 affects Cloudflare’s RPKI validator (OctoRPKI) prior to 1.3.0, where any CA issuer can trigger an invalid VRP MaxLength value, causing RTR sessions to terminate. This can disable RPKI Origin Validation in a victim network and potentially enable a subsequent BGP hijack; RTR session f...
OctoRPKI lacks contextual out-of-bounds check when validating RPKI ROA maxLength values
Any CA issuer in the RPKI can trick OctoRPKI prior to https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. Impact An attacker can use this to disable RPKI Origin Validation in a vict...