Skip to main content

Octorpki

9 CVEs product

Monthly

CVE-2021-3978 Go HIGH PATCH This Week

When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Rated high severity (CVSS 7.5). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Octorpki Cloudflare
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2022-3616 Go HIGH PATCH This Week

Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Octorpki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-3912 Go MEDIUM PATCH This Month

OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Octorpki Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-3911 Go MEDIUM PATCH This Month

If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Octorpki Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-3910 Go MEDIUM PATCH This Month

OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Denial Of Service Octorpki Debian Linux Cloudflare
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.6%
CVE-2021-3909 Go HIGH PATCH This Week

OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Octorpki Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-3908 Go HIGH PATCH This Week

OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Octorpki Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-3907 Go CRITICAL PATCH Act Now

OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Octorpki Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2021-3761 Go HIGH PATCH This Week

Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Octorpki Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Rated high severity (CVSS 7.5). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Octorpki Cloudflare
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Octorpki
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Octorpki Debian Linux
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Octorpki Debian Linux
NVD GitHub
EPSS 1% CVSS 4.4
MEDIUM PATCH This Month

OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Denial Of Service Octorpki Debian Linux +1
NVD GitHub VulDB
EPSS 2% CVSS 7.5
HIGH PATCH This Week

OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Octorpki Debian Linux
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Octorpki Debian Linux
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Octorpki Debian Linux
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Octorpki +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy