Haynesplspublished

**Name of the Vulnerable Software and Affected Versions** OctoRPKI (affected versions not specified) **Description** The issue allows for a slowloris DOS attack to take place, making OctoRPKI wait forever. This occurs because OctoRPKI does not limit the length of a connection. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip feeding new bytes to keep the connection alive. This can cause OctoRPKI to hang forever. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.