Denial of Service (DoS) Affecting github.com/cloudflare/cfrpki/validator/lib package, versions <1.4.0
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
11 Nov 2021
10 Nov 2021
How to fix?
github.com/cloudflare/cfrpki/validator/lib to version 1.4.0 or higher.
github.com/cloudflare/cfrpki/validator/lib is a package of Cloudflare's RPKI Toolbox.
Affected versions of this package are vulnerable to Denial of Service (DoS). If the ROA that a repository returns contains too many bits for the IP address then
OctoRPKI will crash.