CVE-2023-39915

2023-09-1315:15:07

CWE-228

[email protected]

web.nvd.nist.gov

nlnet labs

routinator

version 0.12.1

crash

parsing

rpki

objects

input checking

bcder library

cve-2023-39914

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

NLnet Labs’ Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914.

Affected configurations

NVD

Node

nlnetlabsroutinatorRange<0.12.2

CPENameOperatorVersion
nlnetlabs:routinatornlnetlabs routinatorlt0.12.2

CPE	Name	Operator	Version
nlnetlabs:routinator	nlnetlabs routinator	lt	0.12.2

CNA Affected

[
  {
    "vendor": "NLnet Labs",
    "product": "Routinator",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThan": "0.12.2",
        "versionType": "semver"
      },
      {
        "version": "0.12.2",
        "status": "unaffected",
        "lessThan": "*",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]