GHSA-8cvr-4rrf-f244
GitHub Security Advisory
Infinite open connection causes OctoRPKI to hang forever
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
OctoRPKI (github.com/cloudflare/cfrpki/cmd/octorpki) does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip feeding new bytes to keep the connection alive.
## Patches
## For more information
If you have any questions or comments about this advisory email us at [email protected]
Affected Packages
Go
github.com/cloudflare/cfrpki
Affected versions:
0
(fixed in 1.4.0)
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: September 15, 2025 6:32 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.