data/reports/GO-2022-0246.yaml - vulndb - Git at Google

 id: GO-2022-0246
 modules:
     - module: github.com/cloudflare/cfrpki
       versions:
         - fixed: 1.3.0
       vulnerable_at: 1.2.2
       packages:
         - package: github.com/cloudflare/cfrpki/validator/lib
           symbols:
             - ROAEntry.Validate
           derived_symbols:
             - RPKIROA.ValidateEntries
 summary: Insufficient validation in github.com/cloudflare/cfrpki
 description: |-
     The ROAEntry.Validate function fails to perform bounds checks on the MaxLength
     field, allowing invalid values to pass validation.
 published: 2022-07-15T23:06:38Z
 cves:
     - CVE-2021-3761
 ghsas:
     - GHSA-c8xp-8mf3-62h9
 credits:
     - Job Snijders
 references:
     - fix: https://github.com/cloudflare/cfrpki/pull/90
     - fix: https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422
	id: GO-2022-0246
	modules:
	- module: github.com/cloudflare/cfrpki
	versions:
	- fixed: 1.3.0
	vulnerable_at: 1.2.2
	packages:
	- package: github.com/cloudflare/cfrpki/validator/lib
	symbols:
	- ROAEntry.Validate
	derived_symbols:
	- RPKIROA.ValidateEntries
	summary: Insufficient validation in github.com/cloudflare/cfrpki
	description: \|-
	The ROAEntry.Validate function fails to perform bounds checks on the MaxLength
	field, allowing invalid values to pass validation.
	published: 2022-07-15T23:06:38Z
	cves:
	- CVE-2021-3761
	ghsas:
	- GHSA-c8xp-8mf3-62h9
	credits:
	- Job Snijders
	references:
	- fix: https://github.com/cloudflare/cfrpki/pull/90
	- fix: https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422