CVE-2022-3616 — MEDIUM (5.4)

Q: How severe is CVE-2022-3616?

CVE-2022-3616 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-3616?

Check the references section above for vendor advisories and patch information. Affected products include: Cloudflare Octorpki.

Vulnerability Description

Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cloudflare	Octorpki	< 1.4.4

Related Weaknesses (CWE)

CWE-754 CWE-834

References

https://github.com/cloudflare/cfrpki/security/advisories/GHSA-pmw9-567p-68pcThird Party Advisory
https://github.com/cloudflare/cfrpki/security/advisories/GHSA-pmw9-567p-68pcThird Party Advisory

FAQ

What is CVE-2022-3616?

CVE-2022-3616 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validat...

How severe is CVE-2022-3616?

CVE-2022-3616 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-3616?

Check the references section above for vendor advisories and patch information. Affected products include: Cloudflare Octorpki.