
13 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-2036

Malware in sbrugna...

CVSS 7.5, AI score 7.4, EPSS 0.01177
Exploits 0, References 9
NVD
added 2021/09/09 2:15 p.m., 22 views

CVE-2021-3761

Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network for example AS 13335 - Cloudflare prior to launching a BGP hijack which...

CVSS 7.5, EPSS 0.01177
Exploits 0, References 2
OSV
added 2021/09/09 2:15 p.m., 21 views

CVE-2021-3761

Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network for example AS 13335 - Cloudflare prior to launching a BGP hijack which...

CVSS 7.5, AI score 7.4
Exploits 0, References 2
Prion
added 2021/09/09 2:15 p.m., 30 views

Input validation

Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network for example AS 13335 - Cloudflare prior to launching a BGP hijack which...

CVSS 5, AI score 7.4, EPSS 0.01177
Exploits 0, References 2, Affected Software 2
UbuntuCve
added 2021/09/09 2:15 p.m., 33 views

CVE-2021-3761

Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network for example AS 13335 - Cloudflare prior to launching a BGP hijack which...

CVSS 7.5, AI score 7, EPSS 0.01177
Exploits 0, References 3
Cvelist
added 2021/09/09 2:5 p.m., 20 views

CVE-2021-3761 OctoRPKI lacks contextual out-of-bounds check when validating RPKI ROA maxLength values

Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network for example AS 13335 - Cloudflare prior to launching a BGP hijack which...

CVSS 7.5, AI score 7.7, EPSS 0.01177
Exploits 0, References 2
CVE
added 2021/09/09 2:5 p.m., 86 views

CVE-2021-3761

CVE-2021-3761 affects Cloudflare’s RPKI validator (OctoRPKI) prior to 1.3.0, where any CA issuer can trigger an invalid VRP MaxLength value, causing RTR sessions to terminate. This can disable RPKI Origin Validation in a victim network and potentially enable a subsequent BGP hijack; RTR session f...

CVSS 7.5, AI score 7.4, EPSS 0.01177
Exploits 0, References 2, Affected Software 1
Debian CVE
added 2021/09/09 2:5 p.m., 25 views

CVE-2021-3761

Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network for example AS 13335 - Cloudflare prior to launching a BGP hijack which...

CVSS 7.5, AI score 7.3, EPSS 0.01177
Exploits 0
Github Security Blog
added 2021/09/07 11:2 p.m., 50 views

OctoRPKI lacks contextual out-of-bounds check when validating RPKI ROA maxLength values

Any CA issuer in the RPKI can trick OctoRPKI prior to https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. Impact An attacker can use this to disable RPKI Origin Validation in a vict...

CVSS 7.5, AI score 7.4, EPSS 0.01177
Exploits 0, References 8, Affected Software 1
OSV
added 2021/09/07 11:2 p.m., 22 views

GHSA-C8XP-8MF3-62H9 OctoRPKI lacks contextual out-of-bounds check when validating RPKI ROA maxLength values

Any CA issuer in the RPKI can trick OctoRPKI prior to https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. Impact An attacker can use this to disable RPKI Origin Validation in a vict...

CVSS 7.5, AI score 7.4, EPSS 0.01177
Exploits 0, References 8
Schneier on Security
added 2019/10/17 11:8 a.m., 49 views

Using Machine Learning to Detect IP Hijacking

This is interesting research: In a BGP hijack, a malicious actor convinces nearby networks that the best path to reach a specific IP address is through their network. That's unfortunately not very hard to do, since BGP itself doesn't have any security procedures for validating that a message is...

AI score 1.5
Exploits 0
Krebs on Security
added 2018/07/11 5:19 p.m., 65 views

Notorious ‘Hijack Factory’ Shunned from Web

Score one for the good guys: Bitcanal, a Portuguese Web hosting firm long accused of helping spammers hijack large swaths of dormant Internet address space over the years, was summarily kicked off the Internet this week after a half-dozen of the company's bandwidth providers chose to sever ties...

AI score 6.8
Exploits 0
n0where
added 2017/03/20 5:11 a.m., 24 views

BGP Hijack Detection: TaBi

BGP Hijack Detection Developed since 2011 for the needs of the French Internet Resilience Observatory, TaBi is a framework that eases the detection of BGP IP prefix conflicts, and their classification into BGP hijacking events. The term prefix hijacking refers to an event when an AS, called an...

AI score 7.5
Exploits 0, References 2