Vulnerabilities > Cloudflare > Octorpki > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-28 | CVE-2022-3616 | Excessive Iteration vulnerability in Cloudflare Octorpki Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. | 7.5 |
| 2021-11-11 | CVE-2021-3908 | Infinite Loop vulnerability in multiple products OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end. | 7.5 |
| 2021-11-11 | CVE-2021-3909 | Resource Exhaustion vulnerability in multiple products OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. | 7.5 |
| 2021-11-11 | CVE-2021-3910 | Improper Input Validation vulnerability in multiple products OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character). | 7.5 |
| 2021-09-09 | CVE-2021-3761 | Out-of-bounds Write vulnerability in multiple products Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. | 7.5 |