*Discovered by Donika Mirdita and Haya Shulman (Fraunhofer SIT, ATHENE)*
Introduction
In September 2022, security researchers Donika Mirdita and Haya Shulman discovered a critical vulnerability (CVE-2022-3616) in OctoRPKI – an open-source RPKI validator developed by Cloudflare. This vulnerability allowed attackers to intentionally craft excessively long certificate chains, forcing OctoRPKI to exceed its maximum set number of certificate validation iterations. The result: a crash and denial-of-service (DoS) that prevents RPKI validation from completing.
If your organization relies on OctoRPKI for routing security, you need to know how this attack works, why it's a risk, and what you can do to protect your infrastructure.
What is OctoRPKI?
OctoRPKI is a tool that validates the Resource Public Key Infrastructure (RPKI) – a security framework designed to prevent BGP route hijacking in internet routing. In simple terms, OctoRPKI is responsible for securely validating the chain of trust established by Certificate Authorities (CAs) that sign route origin authorizations (ROAs).
The Vulnerability in Simple Words
When OctoRPKI works, it follows a chain of CAs – each certificate is checked to make sure it’s valid and comes from a trusted authority. But, to avoid endless loops or abuse, OctoRPKI sets a maximum number of iterations for checking CA certificates.
CVE-2022-3616: Attackers can abuse this by creating abnormally long (or even cyclic) chains of CA certificates. If the chain is long enough, OctoRPKI will keep following the chain, iteration by iteration, until it surpasses its maximum allowed iterations. At that point, the program crashes, failing to complete the validation. This leads to a denial of service: no valid routing authorizations, potentially causing routing instability or outages.
Let's break down the steps an attacker could use
1. Craft Malicious Certificates: The attacker generates an RPKI CA certificate chain that is intentionally long, or cyclic, to exhaust the validator's iteration limits.
2. Publish the Malicious Chain: The chain is distributed to public RPKI repositories or CA publication points.
3. Trigger Validation: When OctoRPKI fetches these RPKI repositories, it starts validating each certificate in the chain.
4. Exceed Iterations: As the chain is much longer than normal, the validator surpasses its implemented "max iterations" parameter.
5. Application Crashes: OctoRPKI encounters an error due to the exceeded limit, causing it to crash or exit unexpectedly.
6. Denial of Service: With OctoRPKI down, network operators lose validated prefix lists, exposing them to potential route hijacks or outages.
Exploit Example: Proof-of-Concept Code
Below is a simplified Go code snippet that demonstrates how a long (or cyclic) chain might be created. This is only for educational purposes – do not use this against production systems.
```go
// Fake CA Chain Generator (for demonstration only)
package main

import (
	"fmt"
)

func main() {
	maxChainLength := 10000 // Normal chain length is a few levels deep
	chain := make([]string, 0, maxChainLength)
	for i := 0; i < maxChainLength; i++ {
		ca := fmt.Sprintf("CA_Level_%d", i)
		chain = append(chain, ca)
	}
	// Print out fake certificate chain - would be written as actual CA objects in real attack
	for _, ca := range chain {
		fmt.Println(ca)
	}
}
```
A real exploit would generate actual X.509 certificates in DER format, with each CA chained to the previous one, stored in an RPKI repository.
Once OctoRPKI starts to validate, it would need to check every certificate in this chain, quickly surpassing its max iterations setting and crashing.
Patch and Fix
Cloudflare quickly addressed the issue in commit #a9db328:
- Improved error handling: Now, when the max iteration limit is reached, OctoRPKI logs an error and skips further validation for that chain, instead of crashing.
- Better validation logic: Infinite loops and overly deep chains are now detected and avoided.
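The patched behaviour described above, as an added Go example that is not OctoRPKI's own code: a bounded chain walk that returns an error for an over-long or cyclic chain so the caller can log it and move on to the next chain instead of the whole validator terminating. `caCert`, `walkChain`, `sampleRepo` and the cap of 50 are assumptions made for this example, and the repository data is constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// caCert is a hypothetical stand-in for a CA certificate: its name and its issuer's name.
type caCert struct{ Name, Issuer string }

const maxIterations = 50 // assumed cap for this example, not OctoRPKI's value
var errTooDeep = errors.New("chain exceeded max iterations")
var errCycle = errors.New("chain contains a cycle")

// walkChain follows issuer links from leaf to a self-signed trust anchor and returns
// the depth. Hitting the cap or revisiting a CA fails this chain only, so the caller
// can log it and continue, rather than the whole validator terminating.
func walkChain(repo map[string]caCert, leaf string) (int, error) {
	seen := map[string]bool{}
	for i, cur := 0, leaf; i < maxIterations; i++ {
		c, ok := repo[cur]
		if !ok {
			return 0, fmt.Errorf("issuer %q not in repository", cur)
		}
		if seen[c.Name] {
			return 0, errCycle
		}
		seen[c.Name] = true
		if c.Issuer == c.Name { // self-signed: trust anchor reached
			return i + 1, nil
		}
		cur = c.Issuer
	}
	return 0, errTooDeep
}

// sampleRepo is constructed data: a 3-level good chain, a 2-CA cycle, and a
// straight chain of maxIterations+1 CAs (deep0 -> ... -> deep50, self-signed).
func sampleRepo() map[string]caCert {
	repo := map[string]caCert{"root": {"root", "root"}, "mid": {"mid", "root"},
		"leaf": {"leaf", "mid"}, "cycA": {"cycA", "cycB"}, "cycB": {"cycB", "cycA"}}
	for i := 0; i <= maxIterations; i++ {
		name, issuer := fmt.Sprintf("deep%d", i), fmt.Sprintf("deep%d", i+1)
		if i == maxIterations {
			issuer = name
		}
		repo[name] = caCert{name, issuer}
	}
	return repo
}
```

Starting the walk at `deep1` instead of `deep0` gives a chain of exactly 50 CAs, which still validates; the one-longer chain is rejected without any panic.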
> Recommendation:
> - Upgrade your OctoRPKI to the latest release.
> - Monitor logs for signs of failed validation due to long chains.
> - Set up monitoring to alert you if validation stops or if OctoRPKI becomes unresponsive.
References
- CVE-2022-3616 NVD Listing
- OctoRPKI GitHub Security Advisory
- Cloudflare OctoRPKI Source
- Patch Commit a9db328
Credit:
Discovered and responsibly disclosed by Donika Mirdita and Haya Shulman, Fraunhofer SIT, ATHENE.
Conclusion
CVE-2022-3616 shows how even robust security systems like RPKI can be undermined by protocol abuse and mishandled recursion or iteration limits. If you depend on OctoRPKI for securing your network routes, update immediately and stay vigilant for new ways attackers might try to stress your systems.
For a more technical dive, consult the official advisory and review your incident detection processes for high-iteration errors.
Stay safe, and always keep your validators patched!
Timeline
Published on: 10/28/2022 07:15:00 UTC
Last modified on: 03/29/2023 09:15:00 UTC