CVE-2021-41531

Summary

NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation.

Affected Software

VendorProductVersion RangeStatus
NLnet LabsRoutinatorunspecified <= 0.9.0affected

Weaknesses

  • CWE-1288: CWE-1288: Improper Validation of Consistency within Input

ADP Enrichment

CVE Program Container

Additional References

References