blob: c3175e89dde62c115d43a76bc56d37c25ae731cc [file] [log] [blame]
id: GO-TEST-ID
modules:
- module: github.com/cloudflare/cfrpki
versions:
- fixed: 1.4.0
vulnerable_at: 1.3.0
packages:
- package: github.com/cloudflare/cfrpki/cmd/octorpki
summary: Infinite certificate chain depth results in OctoRPKI running forever
description: |-
OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to
create children in an ad-hoc fashion, thereby making tree traversal never end.
## Patches
## For more information If you have any questions or comments about this
advisory email us at security@cloudflare.com
cves:
- CVE-2021-3908
ghsas:
- GHSA-g5gj-9ggf-9vmq
references:
- advisory: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-3908
- web: https://github.com/cloudflare/cfrpki/releases/tag/v1.4.0
- web: https://www.debian.org/security/2022/dsa-5041
notes:
- lint: 'description: possible markdown formatting (found ## )'
- lint: 'references: too many advisories (found 2, want <=1)'
- lint: 'summary: must contain an affected module or package path (e.g. "github.com/cloudflare/cfrpki")'