CVE-2021-3908

Sažetak

OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.

Reference

https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq
https://www.debian.org/security/2022/dsa-5041

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

09-08-2022 - 13:42

Objavljeno

11-11-2021 - 22:15