CVE-2023-39915

Summary

NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914.

Affected Software

VendorProductVersion RangeStatus
NLnet LabsRoutinator* < 0.12.2affected
NLnet LabsRoutinator0.12.2 < *unaffected

Weaknesses

  • CWE-232: CWE-232: Improper Handling of Undefined Values
  • CWE-240: CWE-240: Improper Handling of Inconsistent Structural Elements

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References