What is the severity of CVE-2021-3908?

The severity of CVE-2021-3908 is high with a CVSS score of 7.5.

How does CVE-2021-3908 affect OctoRPKI?

CVE-2021-3908 affects OctoRPKI by allowing a CA to create children in an ad-hoc fashion, causing tree traversal to never end.

Which versions of OctoRPKI are affected by CVE-2021-3908?

OctoRPKI versions up to and excluding 1.4.0 are affected by CVE-2021-3908.

How can I fix CVE-2021-3908 in OctoRPKI?

To fix CVE-2021-3908 in OctoRPKI, upgrade to version 1.4.0 or later.

Are there any additional resources for CVE-2021-3908?

Yes, you can find additional resources for CVE-2021-3908 at the following links: [GitHub Security Advisory](https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq) and [NVD](https://nvd.nist.gov/vuln/detail/CVE-2021-3908).

Vulnerability/
CVE-2021-3908

high

7.5

CWE

400 835

1/11/2021

10/11/2021

3/8/2024

CVE-2021-3908: Infinite certificate chain depth results in OctoRPKI running forever

First published: Mon Nov 01 2021(Updated: )

OctoRPKI (github.com/cloudflare/cfrpki/cmd/octorpki) does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end. ### For more information If you have any questions or comments about this advisory email us at security@cloudflare.com

Credit: cna@cloudflare.com cna@cloudflare.com

Affected Software	Affected Version	How to fix
Cloudflare Octorpki	<1.3.0
Debian Debian Linux	=11.0
debian/cfrpki		1.4.2-1~deb11u1 1.4.4-1 1.5.10-2

Remedy

Upgrade to 1.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-3908?
The severity of CVE-2021-3908 is high with a CVSS score of 7.5.
How does CVE-2021-3908 affect OctoRPKI?
CVE-2021-3908 affects OctoRPKI by allowing a CA to create children in an ad-hoc fashion, causing tree traversal to never end.
Which versions of OctoRPKI are affected by CVE-2021-3908?
OctoRPKI versions up to and excluding 1.4.0 are affected by CVE-2021-3908.
How can I fix CVE-2021-3908 in OctoRPKI?
To fix CVE-2021-3908 in OctoRPKI, upgrade to version 1.4.0 or later.
Are there any additional resources for CVE-2021-3908?
Yes, you can find additional resources for CVE-2021-3908 at the following links: [GitHub Security Advisory](https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq) and [NVD](https://nvd.nist.gov/vuln/detail/CVE-2021-3908).

collector/github-advisory-latest
alias/GHSA-g5gj-9ggf-9vmq
alias/CVE-2021-3908
collector/github-advisory
collector/security-tracker-debian
collector/nvd-index
collector/nvd-cve
agent/type
agent/weakness
agent/author
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/remedy
agent/last-modified-date
agent/title
agent/description
agent/event
agent/first-publish-date
agent/tags
agent/trending
package-manager/go
package-manager/debian
vendor/cloudflare
canonical/cloudflare octorpki
vendor/debian
canonical/debian debian linux
version/debian debian linux/11.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.