CVE-2021-3912

Uncontrolled Resource Consumption in go/github.com/cloudflare/cfrpki

Identifiers

CVE-2021-3912, GHSA-g9wh-3vrx-r7hg

Package Slug

go/github.com/cloudflare/cfrpki

Vulnerability

Uncontrolled Resource Consumption

Description

OctoRPKI tries to load the entire contents of a repository into memory and, in the case of a GZIP bomb, decompresses it in memory as well. A crafted repository can therefore make OctoRPKI run out of memory and crash.
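
The failure mode described above, shown from the defensive side in an added Go example (not OctoRPKI's code and not its 1.3.0 fix): a decompression helper that caps how many bytes it will buffer, run against a constructed, highly compressible input. `ReadGzipBounded`, `MakeGzip`, `ErrTooLarge` and the size limits are hypothetical names and values chosen for illustration.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

// ErrTooLarge is returned when decompressed output exceeds the caller's cap.
var ErrTooLarge = errors.New("decompressed data exceeds limit")

// ReadGzipBounded decompresses r but never buffers more than max+1 bytes.
// Hypothetical helper for illustration; not part of the cfrpki API.
func ReadGzipBounded(r io.Reader, max int64) ([]byte, error) {
	zr, err := gzip.NewReader(r)
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	// Read one byte past the cap so "exactly max" and "over max" differ.
	out, err := io.ReadAll(io.LimitReader(zr, max+1))
	if err != nil {
		return nil, err
	}
	if int64(len(out)) > max {
		return nil, ErrTooLarge
	}
	return out, nil
}

// MakeGzip builds constructed sample input: n zero bytes, gzip-compressed.
func MakeGzip(n int) []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write(make([]byte, n))
	zw.Close()
	return buf.Bytes()
}

func main() {
	in := MakeGzip(8 << 20) // 8 MiB of zeros shrinks to a few KiB on the wire
	fmt.Printf("compressed size: %d bytes\n", len(in))
	_, err := ReadGzipBounded(bytes.NewReader(in), 1<<20)
	fmt.Println("1 MiB cap:", err)
	out, err := ReadGzipBounded(bytes.NewReader(in), 16<<20)
	fmt.Println("16 MiB cap:", len(out), err)
}
```

The size of the compressed input says nothing about the memory needed to hold its output, so the cap has to be enforced on the decompressed stream rather than on the bytes received.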

Affected Versions

All versions before 1.3.0

Solution

Upgrade to version 1.3.0 or above.

Last Modified

2021-11-18
