Lucene search
+L
CloudflareOctorpki

9 matches found

CVE
CVE
added 2021/11/11 9:45 p.m.108 views

CVE-2021-3907

CVE-2021-3907 affects OctoRPKI: a URI containing a filename with ".." can cause a repository to write a file outside the base cache folder, potentially enabling remote code execution on the host running OctoRPKI. The connected documents indicate this is a path/traversal issue in the OctoRPKI impl...

9.8CVSS8.8AI score0.04065EPSS
Web
CVE
CVE
added 2021/11/11 9:45 p.m.106 views

CVE-2021-3912

CVE-2021-3912 affects OctoRPKI: it loads an entire repository into memory and can unzip a gzip bomb in memory, enabling resource exhaustion and a crash. The vulnerability is described consistently across multiple feeds as a memory/CPU exhaustion issue triggered by oversized input or crafted archi...

6.5CVSS5.3AI score0.00822EPSS
CVE
CVE
added 2021/11/11 9:45 p.m.93 views

CVE-2021-3911

CVE-2021-3911 : In Cloudflare’s CFRPKI/OctoRPKI stack, a ROA response containing too many bits for the IP address can cause OctoRPKI to crash, i.e., an availability issue. The vulnerability is triggered when the ROA payload’s IP bit width exceeds expected limits, leading to a crash rather than a ...

6.5CVSS5.4AI score0.00878EPSS
CVE
CVE
added 2021/09/09 2:5 p.m.90 views

CVE-2021-3761

CVE-2021-3761 affects Cloudflare’s RPKI validator (OctoRPKI) prior to 1.3.0, where any CA issuer can trigger an invalid VRP MaxLength value, causing RTR sessions to terminate. This can disable RPKI Origin Validation in a victim network and potentially enable a subsequent BGP hijack; RTR session f...

7.5CVSS7.4AI score0.01216EPSS
CVE
CVE
added 2021/11/11 9:45 p.m.87 views

CVE-2021-3909

CVE-2021-3909 affects OctoRPKI: the vulnerable component does not bound connection length, enabling a slowloris-style DOS where the target repository keeps the HTTP connection open (up to about a day) while drip-feeding data. This can cause the OctoRPKI service to hang, impacting availability. Co...

7.5CVSS5.8AI score0.01512EPSS
CVE
CVE
added 2021/11/11 9:45 p.m.86 views

CVE-2021-3910

CVE-2021-3910 concerns Cloudflare’s CFRpki/OctoRPKI where processing a repository ROA that is just a NUL character can cause a crash. Connected sources confirm this vulnerability in CFRpki/OctoRPKI (e.g., GO-2022-0251 and OSV/NVD copies) and note the issue arises from an invalid ROA payload. The ...

7.5CVSS5.8AI score0.01255EPSS
CVE
CVE
added 2025/01/29 10:0 a.m.86 views

CVE-2021-3978

CVE-2021-3978 affects Cloudflare CFRPKI’s octorpki. The root cause is that copying files with rsync uses the “-a” flag 0, causing binaries with the SUID bit to be copied as root. The service definition defaults to root, creating a potential local privilege escalation vector if a malicious TAL fil...

7.5CVSS7.4AI score0.00142EPSS
CVE
CVE
added 2021/11/11 9:45 p.m.78 views

CVE-2021-3908

CVE-2021-3908 affects Cloudflare’s CFRpki/OctoRPKI validator. The issue: an unlimited certificate-chain depth allows tree traversal to recurse indefinitely, potentially leading to denial of service or path traversal. Affected component: CFRpki/OctoRPKI (RPKI validator). Root cause: no limit on ce...

7.5CVSS6.4AI score0.00707EPSS
CVE
CVE
added 2022/10/28 6:24 a.m.74 views

CVE-2022-3616

Affected software/area: OctoRPKI (github.com/cloudflare/cfrpki) in the octorpki command. Root cause / vulnerability detail: Attackers can construct long chains of Certificate Authorities (CAs) that exhaust the max iterations limit, causing OctoRPKI to crash and fail validation, resulting in a den...

7.5CVSS6.2AI score0.00404EPSS