CVE-2022-3616 Vulnerability Details

  /     /     /  

CVE-2022-3616 Metadata Quick Info

CVE Published: 28/10/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: cloudflare | Vendor: Cloudflare | Product: OctoRPKI
Status : PUBLISHED

---

CVE-2022-3616 Description

Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability.

Metrics

CVSS Version: 3.1 | Base Score: 5.4 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* LOW
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* LOW
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-754
CWE Name: CWE-754 Improper Check for Unusual or Exceptional Conditions
Source: Cloudflare

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-153
CAPEC Description: CAPEC-153 Input Data Manipulation


Source: NVD (National Vulnerability Database).