CVE-2021-3911
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD
Description
If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash.
Affected (2)
Products: Cloudflare: Octorpki · Debian: Debian Linux
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.3.0 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.0 |
Related CWEs
CWE-20
Improper Input Validation
The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly.
CWE-252
Unchecked Return Value
The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
References (4)
Source: cna@cloudflare.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Timeline
No history available yet.