vulnrichment / NLnet Labs / VULNRICHMENT:CVE-2023-39915
History: Sep 13, 2023 - 2:20 p.m.

CVE-2023-39915 Crashes on parsing certain invalid RPKI objects

2023-09-13 14:20:59
CWE-232
CWE-240
NLnet Labs
github.com
cve-2023-39915
routinator
nlnet labs
rpki
input checking
bcder library

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.6
Confidence: Low

EPSS: 0.001
Percentile: 34.3%

SSVC

Exploitation: none
Automatable: yes
Technical Impact: partial

NLnet Labs’ Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914.
