
Excessive Iteration

CVE-2022-3616

Severity High
Score 7.5/10

Summary

Attackers can create long chains of CAs that cause OctoRPKI versions through 1.4.3 to exceed the max iterations parameter. The program then crashes, which prevents it from finishing the validation and leads to a denial of service.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-834 - Excessive Iteration

The software performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.
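
One way a validator can bound its walk over delegated CAs and return a partial result instead of crashing when a chain is too long, as the Summary describes. This is an added Go example, not OctoRPKI's code; the `CA` type, `Walk`, `Chain`, `ErrBudget` and the limit values are hypothetical, and the CA tree is constructed sample data.

```go
package main

import (
	"errors"
	"fmt"
)

// CA is a constructed stand-in for an RPKI CA (hypothetical type, not OctoRPKI's).
type CA struct {
	Name     string
	Children []*CA // CAs this one delegates to
}

var ErrBudget = errors.New("iteration budget exhausted")

// Walk visits CAs breadth-first. Branches deeper than maxDepth are skipped and counted;
// after maxVisits it returns the partial result with ErrBudget instead of exiting.
func Walk(root *CA, maxDepth, maxVisits int) (visited []string, skipped int, err error) {
	type item struct{ ca *CA; depth int }
	queue := []item{{root, 0}}
	for len(queue) > 0 {
		if len(visited) >= maxVisits {
			return visited, skipped + len(queue), ErrBudget
		}
		cur := queue[0]
		queue = queue[1:]
		visited = append(visited, cur.ca.Name)
		for _, child := range cur.ca.Children {
			if cur.depth+1 > maxDepth {
				skipped++ // over-deep delegation: drop this branch only
				continue
			}
			queue = append(queue, item{child, cur.depth + 1})
		}
	}
	return visited, skipped, nil
}

// Chain builds a constructed linear chain of n >= 1 CAs, prefix-0 .. prefix-(n-1).
func Chain(prefix string, n int) *CA {
	var next []*CA
	for i := n - 1; i >= 0; i-- {
		next = []*CA{{Name: fmt.Sprintf("%s-%d", prefix, i), Children: next}}
	}
	return next[0]
}

func main() {
	fmt.Println(Walk(&CA{"root", []*CA{Chain("deep", 1000), Chain("ok", 3)}}, 8, 100))
}
```

With the depth limit, the 1000-CA chain is cut off at its ninth level while the short sibling chain is still walked in full, so one hostile branch does not stop the whole run.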

Advisory Timeline

  • Published