CVE-2023-39915
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| NLnet Labs | Routinator | * < 0.12.2 | affected |
| NLnet Labs | Routinator | 0.12.2 < * | unaffected |
Weaknesses
- CWE-232: CWE-232: Improper Handling of Undefined Values
- CWE-240: CWE-240: Improper Handling of Inconsistent Structural Elements
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.