admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-11-11 22:01:03 +00:00
parent f52272535a
commit 7e66fc34c4
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
9 changed files with 606 additions and 546 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

183
2021/3xxx/CVE-2021-3907.json
View File

@ -1,98 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cna@cloudflare.com",
"DATE_PUBLIC": "2021-11-01T22:16:00.000Z",
"ID": "CVE-2021-3907",
"STATE": "PUBLIC",
"TITLE": "Arbitrary filepath traversal via URI injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "octorpki",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.4.0"
}
]
"CVE_data_meta": {
"ASSIGNER": "cna@cloudflare.com",
"DATE_PUBLIC": "2021-11-01T22:16:00.000Z",
"ID": "CVE-2021-3907",
"STATE": "PUBLIC",
"TITLE": "Arbitrary filepath traversal via URI injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "octorpki",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.4.0"
}
]
}
}
]
},
"vendor_name": "Cloudflare"
}
}
]
},
"vendor_name": "Cloudflare"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Koen van Hove"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OctoRPKI does not escape a URI with a filename containing \"..\", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
},
"credit": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
"value": "Koen van Hove"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OctoRPKI does not escape a URI with a filename containing \"..\", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-cqh2-vc2f-q4fh"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to 1.4"
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-cqh2-vc2f-q4fh",
"name": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-cqh2-vc2f-q4fh"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to 1.4"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}

183
2021/3xxx/CVE-2021-3908.json
View File

@ -1,98 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cna@cloudflare.com",
"DATE_PUBLIC": "2021-11-01T22:28:00.000Z",
"ID": "CVE-2021-3908",
"STATE": "PUBLIC",
"TITLE": "Infinite certificate chain depth results in OctoRPKI running forever"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "octorpki",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.4.0"
}
]
"CVE_data_meta": {
"ASSIGNER": "cna@cloudflare.com",
"DATE_PUBLIC": "2021-11-01T22:28:00.000Z",
"ID": "CVE-2021-3908",
"STATE": "PUBLIC",
"TITLE": "Infinite certificate chain depth results in OctoRPKI running forever"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "octorpki",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.4.0"
}
]
}
}
]
},
"vendor_name": "Cloudflare"
}
}
]
},
"vendor_name": "Cloudflare"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Koen van Hove"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
},
"credit": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
"value": "Koen van Hove"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to 1.4"
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq",
"name": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to 1.4"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}

183
2021/3xxx/CVE-2021-3909.json
View File

@ -1,98 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cna@cloudflare.com",
"DATE_PUBLIC": "2021-11-01T22:41:00.000Z",
"ID": "CVE-2021-3909",
"STATE": "PUBLIC",
"TITLE": "Infinite open connection causes OctoRPKI to hang forever"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "octorpki",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.4.0"
}
]
"CVE_data_meta": {
"ASSIGNER": "cna@cloudflare.com",
"DATE_PUBLIC": "2021-11-01T22:41:00.000Z",
"ID": "CVE-2021-3909",
"STATE": "PUBLIC",
"TITLE": "Infinite open connection causes OctoRPKI to hang forever"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "octorpki",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.4.0"
}
]
}
}
]
},
"vendor_name": "Cloudflare"
}
}
]
},
"vendor_name": "Cloudflare"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Koen van Hove"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip feeding new bytes to keep the connection alive."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
},
"credit": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
"value": "Koen van Hove"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip feeding new bytes to keep the connection alive."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-8cvr-4rrf-f244"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to 1.4"
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-8cvr-4rrf-f244",
"name": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-8cvr-4rrf-f244"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to 1.4"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}

183
2021/3xxx/CVE-2021-3910.json
View File

@ -1,98 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cna@cloudflare.com",
"DATE_PUBLIC": "2021-11-01T22:48:00.000Z",
"ID": "CVE-2021-3910",
"STATE": "PUBLIC",
"TITLE": "NUL character in ROA causes OctoRPKI to crash"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "octorpki",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.4.0"
}
]
"CVE_data_meta": {
"ASSIGNER": "cna@cloudflare.com",
"DATE_PUBLIC": "2021-11-01T22:48:00.000Z",
"ID": "CVE-2021-3910",
"STATE": "PUBLIC",
"TITLE": "NUL character in ROA causes OctoRPKI to crash"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "octorpki",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.4.0"
}
]
}
}
]
},
"vendor_name": "Cloudflare"
}
}
]
},
"vendor_name": "Cloudflare"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Koen van Hove"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\\0) character)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
},
"credit": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
"value": "Koen van Hove"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\\0) character)."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-5mxh-2qfv-4g7j"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to 1.4"
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-5mxh-2qfv-4g7j",
"name": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-5mxh-2qfv-4g7j"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to 1.4"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}

183
2021/3xxx/CVE-2021-3911.json
View File

@ -1,98 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cna@cloudflare.com",
"DATE_PUBLIC": "2021-11-01T22:52:00.000Z",
"ID": "CVE-2021-3911",
"STATE": "PUBLIC",
"TITLE": "Misconfigured IP address field in ROA leads to OctoRPKI crash"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "octorpki",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.4.0"
}
]
"CVE_data_meta": {
"ASSIGNER": "cna@cloudflare.com",
"DATE_PUBLIC": "2021-11-01T22:52:00.000Z",
"ID": "CVE-2021-3911",
"STATE": "PUBLIC",
"TITLE": "Misconfigured IP address field in ROA leads to OctoRPKI crash"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "octorpki",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.4.0"
}
]
}
}
]
},
"vendor_name": "Cloudflare"
}
}
]
},
"vendor_name": "Cloudflare"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Koen van Hove"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
},
"credit": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
"value": "Koen van Hove"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-w6ww-fmfx-2x22"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to 1.4"
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-w6ww-fmfx-2x22",
"name": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-w6ww-fmfx-2x22"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to 1.4"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}

183
2021/3xxx/CVE-2021-3912.json
View File

@ -1,98 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cna@cloudflare.com",
"DATE_PUBLIC": "2021-11-01T22:54:00.000Z",
"ID": "CVE-2021-3912",
"STATE": "PUBLIC",
"TITLE": "OctoRPKI crashes when processing GZIP bomb returned via malicious repository"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "octorpki",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.4.0"
}
]
"CVE_data_meta": {
"ASSIGNER": "cna@cloudflare.com",
"DATE_PUBLIC": "2021-11-01T22:54:00.000Z",
"ID": "CVE-2021-3912",
"STATE": "PUBLIC",
"TITLE": "OctoRPKI crashes when processing GZIP bomb returned via malicious repository"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "octorpki",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.4.0"
}
]
}
}
]
},
"vendor_name": "Cloudflare"
}
}
]
},
"vendor_name": "Cloudflare"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Koen van Hove"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
},
"credit": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
"value": "Koen van Hove"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash)."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g9wh-3vrx-r7hg"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to 1.4"
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g9wh-3vrx-r7hg",
"name": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g9wh-3vrx-r7hg"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to 1.4"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}

18
2021/43xxx/CVE-2021-43576.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-43576",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/43xxx/CVE-2021-43577.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-43577",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/43xxx/CVE-2021-43578.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-43578",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}