NLnet LabsCVELIST:CVE-2023-39915CVE-2023-39915 Crashes on parsing certain invalid RPKI objects
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%
NLnet Labs’ Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914.
CNA Affected
[
{
"vendor": "NLnet Labs",
"product": "Routinator",
"versions": [
{
"version": "*",
"status": "affected",
"lessThan": "0.12.2",
"versionType": "semver"
},
{
"version": "0.12.2",
"status": "unaffected",
"lessThan": "*",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%