| id: GO-2022-0251 |
| modules: |
| - module: github.com/cloudflare/cfrpki |
| versions: |
| - fixed: 1.4.0 |
| vulnerable_at: 1.3.0 |
| packages: |
| - package: github.com/cloudflare/cfrpki/validator/lib |
| symbols: |
| - readObject |
| derived_symbols: |
| - BER2DER |
| - DecodeManifest |
| - DecoderConfig.DecodeManifest |
| summary: Panic on NUL character in ROA in github.com/cloudflare/cfrpki |
| description: |- |
| OctoRPKI crashes when a repository returns an invalid ROA that is only an |
| encoded NUL character (\0). |
| published: 2022-07-15T23:07:28Z |
| cves: |
| - CVE-2021-3910 |
| ghsas: |
| - GHSA-5mxh-2qfv-4g7j |
| credits: |
| - Koen van Hove |
| references: |
| - fix: https://github.com/cloudflare/cfrpki/commit/76f0f7a98da001fa04e5bc0407c6702f91096bfa |
| review_status: REVIEWED |