Vulnerabilities for 'Octorpki'

2021-11-11
CVE-2021-3907

CWE-22

OctoRPKI does not escape a URI with a filename containing "..", which allows a repository to create a file (e.g. rsync://example.org/repo/../../etc/cron.daily/evil.roa) that is then written to disk outside the base cache folder. This could allow remote code execution on the host machine OctoRPKI is running on.
 
CVE-2021-3908

CWE-400

OctoRPKI does not limit the depth of a certificate chain, allowing a CA to create children in an ad-hoc fashion so that tree traversal never ends.
 
CVE-2021-3909

CWE-400

OctoRPKI does not limit the length of a connection, allowing a slowloris DoS attack that makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to keeps the connection open for a day before returning a response, while drip-feeding new bytes to keep the connection alive.
 
CVE-2021-3910

CWE-20

OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character).
 
CVE-2021-3911

CWE-252

If the ROA that a repository returns contains too many bits for the IP address, OctoRPKI will crash.
 
CVE-2021-3912

CWE-400

OctoRPKI tries to load the entire contents of a repository into memory and, in the case of a GZIP bomb, unzips it in memory, making it possible to create a repository that causes OctoRPKI to run out of memory (and thus crash).