{
  "id": "GO-2022-0252",
  "published": "2022-07-15T23:07:41Z",
  "modified": "0001-01-01T00:00:00Z",
  "aliases": [
    "CVE-2021-3911",
    "GHSA-w6ww-fmfx-2x22"
  ],
  "details": "Invalid input data can cause a panic.\n",
  "affected": [
    {
      "package": {
        "name": "github.com/cloudflare/cfrpki",
        "ecosystem": "Go"
      },
      "ranges": [
        {
          "type": "SEMVER",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.0"
            }
          ]
        }
      ],
      "database_specific": {
        "url": "https://pkg.go.dev/vuln/GO-2022-0252"
      },
      "ecosystem_specific": {
        "imports": [
          {
            "path": "github.com/cloudflare/cfrpki/validator/lib",
            "symbols": [
              "DecodeROA",
              "DecoderConfig.DecodeROA",
              "GetRangeIP",
              "IPNet.GetRange",
              "RPKICertificate.ValidateIPCertificate",
              "RPKIROA.ValidateIPRoaCertificate",
              "ValidateIPCertificateList",
              "ValidateIPRoaCertificateList"
            ]
          }
        ]
      }
    }
  ],
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/cloudflare/cfrpki/commit/2882307febd66801de97b2a2ce4d93fe58132005"
    }
  ],
  "credits": [
    {
      "name": "Koen van Hove"
    }
  ]
}