{"id":"GO-2022-0246","summary":"Insufficient validation in github.com/cloudflare/cfrpki","details":"The ROAEntry.Validate function fails to perform bounds checks on the MaxLength field, allowing invalid values to pass validation.","aliases":["CVE-2021-3761","GHSA-c8xp-8mf3-62h9"],"modified":"2026-03-17T04:13:48.499245Z","published":"2022-07-15T23:06:38Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2022-0246"},"references":[{"type":"FIX","url":"https://github.com/cloudflare/cfrpki/pull/90"},{"type":"FIX","url":"https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422"}],"affected":[{"package":{"name":"github.com/cloudflare/cfrpki","ecosystem":"Go","purl":"pkg:golang/github.com/cloudflare/cfrpki"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.3.0"}]}],"ecosystem_specific":{"imports":[{"symbols":["ROAEntry.Validate","RPKIROA.ValidateEntries"],"path":"github.com/cloudflare/cfrpki/validator/lib"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2022-0246.json"}}],"schema_version":"1.7.5","credits":[{"name":"Job Snijders"}]}