CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
54.9%
In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed
significantly by an RRDP repository by not answering but slowly
drip-feeding bytes to keep the connection alive. This can be used to
effectively stall validation. While Routinator has a configurable time-out
value for RRDP connections, this time-out was only applied to individual
read or write operations rather than the complete request. Thus, if an RRDP
repository sends a little bit of data before that time-out expired, it can
continuously extend the time it takes for the request to finish. Since
validation will only continue once the update of an RRDP repository has
concluded, this delay will cause validation to stall, leading to Routinator
continuing to serve the old data set or, if in the initial validation run
directly after starting, never serve any data at all.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | fort-validator | < any | UNKNOWN |
github.com/NLnetLabs/routinator/pull/612
github.com/NLnetLabs/routinator/pull/666
launchpad.net/bugs/cve/CVE-2021-43173
nvd.nist.gov/vuln/detail/CVE-2021-43173
security-tracker.debian.org/tracker/CVE-2021-43173
www.cve.org/CVERecord?id=CVE-2021-43173
www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
54.9%