GO-2022-0580 Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki in github.com/cloudflare/cfrpki
Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki in github.com/cloudflare/cfrpki...
GO-2022-0250 Infinite open connection causes OctoRPKI to hang forever in github.com/cloudflare/cfrpki
Infinite open connection causes OctoRPKI to hang forever in github.com/cloudflare/cfrpki...
Improper RPKI Origin Validation
github.com/cloudflare/cfrpki is vulnerable to Improper RPKI Origin Validation. The vulnerability is caused by emitting an invalid VRP MaxLength value through validator/lib/roa.go, causing RTR sessions to terminate. This flaw allows an attacker to disable RPKI Origin Validation, which can result in BGP...
Denial Of Service (DoS)
github.com/cloudflare/cfrpki is vulnerable to denial of service. The vulnerability exists because the validationLoop function in octorpki.go exceeds the max iterations parameter when creating long chains of CAs, allowing an attacker to crash the application...
GO-2022-0253 Resource exhaustion via GZIP bomb in github.com/cloudflare/cfrpki
The HTTPFetcher.GetXML function reads a response of unlimited size into memory, permitting resource exhaustion...
Path Traversal
github.com/cloudflare/cfrpki is vulnerable to path traversal. A malicious TAL file containing illegal path element can be sent by an attacker which leads to writing outside of the base directory...
Path traversal in github.com/cloudflare/cfrpki/cmd/octorpki
Impact In the case that a malicious TAL file is parsed pointing to a repository that provides a malicious ROA file which octorpki downloads, it is possible to bypass the current directory traversal mitigation to allow writing outside of the current directory. Patches No patch release has been mad...
GHSA-8459-6RC9-8VF8 Path traversal in github.com/cloudflare/cfrpki/cmd/octorpki
Impact In the case that a malicious TAL file is parsed pointing to a repository that provides a malicious ROA file which octorpki downloads, it is possible to bypass the current directory traversal mitigation to allow writing outside of the current directory. Patches No patch release has been mad...
Debian DSA-5041-1 : cfrpki - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5041 advisory. Multiple vulnerabilities were discovered in Cloudflare's RPKI validator, which could result in denial of service or path traversal. For the stable distribution...
Debian: Security Advisory (DSA-5041-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] [DSA 5041-1] cfrpki security update
Debian Security Advisory DSA-5041-1 https://www.debian.org/security/ Moritz Muehlenhoff, January 11, 2022 https://www.debian.org/security/faq ...
Denial Of Service (DoS)
validator/lib/librpki of github.com/cloudflare/cfrpki is vulnerable to denial of service. The vulnerability exists because an ROA returned with too many bits for the IP address can cause OctoRPKI to crash...