Cloudflare - Octorpki CVE

Filtered by vendor Cloudflare Subscribe

Filtered by product Octorpki

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-3911	1 Cloudflare	1 Octorpki	2022-01-12	4.3 MEDIUM	6.5 MEDIUM
If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash.
CVE-2021-3912	1 Cloudflare	1 Octorpki	2022-01-12	4.3 MEDIUM	6.5 MEDIUM
OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash).

Vulnerabilities (CVE)