Excessive Iteration
CVE-2022-3616
Summary
Attackers can create long chains of CAs that would lead to OctoRPKI versions through 1.4.3 exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-834 - Excessive Iteration
The software performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.
References
Advisory Timeline
- Published