An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation “.roa” files or X509 Certificate Revocation List files from the RPKI relying party’s view. NOTE: some third parties may regard this as a preferred behavior, not a vulnerability
CPE | Name | Operator | Version |
---|---|---|---|
rpki_validator_3 | ge | 3.0 | |
rpki_validator_3 | le | 3.1 |