blob: cc9df5813cb0901cf695b40d60f4d7304bc398db [file] [log] [blame]
id: GO-2022-0251
modules:
- module: github.com/cloudflare/cfrpki
versions:
- fixed: 1.4.0
vulnerable_at: 1.3.0
packages:
- package: github.com/cloudflare/cfrpki/validator/lib
symbols:
- readObject
derived_symbols:
- BER2DER
- DecodeManifest
- DecoderConfig.DecodeManifest
summary: Panic on NUL character in ROA in github.com/cloudflare/cfrpki
description: |-
OctoRPKI crashes when a repository returns an invalid ROA that is only an
encoded NUL character (\0).
published: 2022-07-15T23:07:28Z
cves:
- CVE-2021-3910
ghsas:
- GHSA-5mxh-2qfv-4g7j
credits:
- Koen van Hove
references:
- fix: https://github.com/cloudflare/cfrpki/commit/76f0f7a98da001fa04e5bc0407c6702f91096bfa
review_status: REVIEWED