blob: ba6591ef2cc7bd0bce4077eb4da0c0090051417b [file] [log] [blame]
id: GO-TEST-ID
modules:
- module: github.com/cloudflare/cfrpki
versions:
- fixed: 1.4.0
vulnerable_at: 1.3.0
packages:
- package: github.com/cloudflare/cfrpki/cmd/octorpki
summary: Infinite certificate chain depth results in OctoRPKI running forever in github.com/cloudflare/cfrpki
description: |-
OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to
create children in an ad-hoc fashion, thereby making tree traversal never end.
## Patches
## For more information If you have any questions or comments about this
advisory email us at security@cloudflare.com
cves:
- CVE-2021-3908
ghsas:
- GHSA-g5gj-9ggf-9vmq
references:
- advisory: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq
- web: https://github.com/cloudflare/cfrpki/releases/tag/v1.4.0
- web: https://www.debian.org/security/2022/dsa-5041
notes:
- lint: 'description: possible markdown formatting (found ## )'