CVEs-PoC/2021/CVE-2021-3909.md

### [CVE-2021-3909](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3909)
![](https://img.shields.io/static/v1?label=Product&message=octorpki&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%201.4.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)

### Description

OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip feeding new bytes to keep the connection alive.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ChamalBandara/CVEs