CVE-2021-3909

Name of the Vulnerable Software and Affected Versions OctoRPKI (affected versions not specified)

Description The issue allows for a slowloris DOS attack to take place, making OctoRPKI wait forever. This occurs because OctoRPKI does not limit the length of a connection. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip feeding new bytes to keep the connection alive. This can cause OctoRPKI to hang forever.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.