Lucene search
Veracode Vulnerability DatabaseVERACODE:32918HistoryNov 11, 2021 - 10:10 a.m.
Denial Of Service (DoS)
2021-11-1110:10:13
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
dos
cloudflare
octorpki
EPSS
0.002
Percentile
61.0%
github.com/cloudflare/cfrpki is vulnerable to denial of service. The vulnerability exists in the main of octorpki.go because the OctoRPKI doesn’t limit the connections it opens before the response is returned which results in an application crash.
References
github.com/advisories/GHSA-8cvr-4rrf-f244
github.com/cloudflare/cfrpki/commit/71ac74e691dc791731f90b72710975414ecec1eb
github.com/cloudflare/cfrpki/commit/a6eaae8c9142c8c76fda3e60135856d7ae87c78f
github.com/cloudflare/cfrpki/pull/100
github.com/cloudflare/cfrpki/security/advisories/GHSA-8cvr-4rrf-f244
www.debian.org/security/2021/dsa-5033
www.debian.org/security/2022/dsa-5041
Related
cve
cve
CVE-2021-3909
2021-11-11 22:15:07
osv
osv
Infinite open connection causes OctoRPKI to hang forever
2021-11-10 20:15:44
Infinite open connection causes OctoRPKI to hang forever in github.com/cloudflare/cfrpki
2024-08-21 14:30:26
CVE-2021-3909
2021-11-11 22:15:00
prion
prion
Design/Logic Flaw
2021-11-11 22:15:00
ubuntucve
ubuntucve
CVE-2021-3909
2021-11-11 00:00:00
debiancve
debiancve
CVE-2021-3909
2021-11-11 22:15:07
github
github
Infinite open connection causes OctoRPKI to hang forever
2021-11-10 20:15:44
nvd
nvd
CVE-2021-3909
2021-11-11 22:15:07
cvelist
cvelist
CVE-2021-3909 Infinite open connection causes OctoRPKI to hang forever
2021-11-11 21:45:19
debian
debian
[SECURITY] [DSA 5033-1] fort-validator security update
2021-12-30 19:35:37
[SECURITY] [DSA 5041-1] cfrpki security update
2022-01-11 21:54:05
nessus
nessus
Debian DSA-5033-1 : fort-validator - security update
2021-12-31 00:00:00
Debian DSA-5041-1 : cfrpki - security update
2022-01-12 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5033-1)
2022-01-01 00:00:00
Debian: Security Advisory (DSA-5041-1)
2022-01-12 00:00:00