OctoRPKI (github.com/cloudflare/cfrpki/cmd/octorpki) does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.

### For more information
If you have any questions or comments about this advisory email us at [email protected]

Affected Packages

Go github.com/cloudflare/cfrpki

Affected versions: 0 (fixed in 1.4.0)

Related CVEs

CVE-2021-3908

Key Information

GHSA ID

GHSA-g5gj-9ggf-9vmq

Published

November 10, 2021 8:38 PM

Last Modified

October 2, 2023 3:58 PM

CVSS Score

5.0 /10

Primary Ecosystem

Primary Package

github.com/cloudflare/cfrpki

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 11, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.