2 matches found
CVE-2023-6245 Infinite decoding loop through specially crafted payload
The Candid library causes a Denial of Service while parsing a specially crafted payload with the 'empty' data type. For example, if the payload is record ; empty and the canister interface expects record, then the Rust candid decoder treats empty as an extra field required by the type. The problem wit...
PT-2021-22373 · Octorpki · Octorpki
Name of the Vulnerable Software and Affected Versions: OctoRPKI (affected versions not specified). Description: The issue arises from OctoRPKI not limiting the depth of a certificate chain, allowing a Certificate Authority (CA) to create children in an ad-hoc manner. This results in tree traversal nev...