Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistNLnet LabsCVELIST:CVE-2023-0158
HistoryJan 17, 2023 - 12:00 a.m.

CVE-2023-0158 Triggered crash on direct RRDP access

2023-01-1700:00:00
CWE-248
NLnet Labs
www.cve.org
1
nlnet labs krill
rrdp repository
web server
crash
security issue
malicious attack

EPSS

0.001

Percentile

38.8%

JSON

NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the “/rrdp” endpoint. Prior to 0.12.1 a direct query for any existing directory under “/rrdp/”, rather than an RRDP file such as “/rrdp/notification.xml” as would be expected, causes Krill to crash. If the built-in “/rrdp” endpoint is exposed directly to the internet, then malicious remote parties can cause the publication server to crash. The repository content is not affected by this, but the availability of the server and repository can cause issues if this attack is persistent and is not mitigated.

CNA Affected

[
  {
    "vendor": "NLnet Labs",
    "product": "Krill",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "0.12.0",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

Related

nvd 1
freebsd 1
nessus 1
prion 1
osv 1
cve 1
nvd
nvd
CVE-2023-0158
2023-01-17 17:15:11
freebsd
freebsd
net/krill -- DoS vulnerability
2023-01-10 00:00:00
nessus
nessus
FreeBSD : net/krill -- DoS vulnerability (7844789a-9b1f-11ed-9a3f-b42e991fc52e)
2023-01-23 00:00:00
prion
prion
Code injection
2023-01-17 17:15:00
osv
osv
CVE-2023-0158
2023-01-17 17:15:11
cve
cve
CVE-2023-0158
2023-01-17 17:15:11

EPSS

0.001

Percentile

38.8%

JSON
Related for CVELIST:CVE-2023-0158
nvd1freebsd1nessus1prion1osv1cve1