CVE-2021-3908

Uncontrolled Resource Consumption in go/github.com/cloudflare/cfrpki

Identifiers

CVE-2021-3908, GHSA-g5gj-9ggf-9vmq

Package Slug

go/github.com/cloudflare/cfrpki

Vulnerability

Uncontrolled Resource Consumption

Description

OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.

Affected Versions

All versions before 1.3.0

Solution

Upgrade to version 1.3.0 or above.

Last Modified

2021-11-18

source