Global infos:

Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability.

CVE Status: Modified

References:

[email protected]

af854a3a-2127-422b-91ae-364da2661108

Metrics:

Attribute	Value
Attack Complexity	HIGH
Attack Vector	NETWORK
Availability Impact	HIGH
Base Score	5.4
Base Severity	MEDIUM
Confidentiality Impact	NONE
Integrity Impact	LOW
Privileges Required	LOW
Scope	UNCHANGED
User Interaction	REQUIRED
Vector String	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H
Exploitability Score	1.2
Impact Score	4.2
Source	[email protected]
Type	Secondary

Links:

Exploit-db
Github