OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character).
References
| Link | Resource |
|---|---|
| https://github.com/cloudflare/cfrpki/security/advisories/GHSA-5mxh-2qfv-4g7j | Third Party Advisory |
| https://www.debian.org/security/2022/dsa-5041 | Third Party Advisory |
| https://github.com/cloudflare/cfrpki/security/advisories/GHSA-5mxh-2qfv-4g7j | Third Party Advisory |
| https://www.debian.org/security/2022/dsa-5041 | Third Party Advisory |
Configurations
History
21 Nov 2024, 06:22
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 4.4 |
| References | () https://github.com/cloudflare/cfrpki/security/advisories/GHSA-5mxh-2qfv-4g7j - Third Party Advisory | |
| References | () https://www.debian.org/security/2022/dsa-5041 - Third Party Advisory |
Information
Published : 2021-11-11 22:15
Updated : 2024-11-21 06:22
NVD link : CVE-2021-3910
Mitre link : CVE-2021-3910
CVE.ORG link : CVE-2021-3910
JSON object : View
Products Affected
cloudflare
- octorpki
debian
- debian_linux
CWE
CWE-20
Improper Input Validation