CVE-2022-3029

Опубликовано: 13 сент. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. Worst case impact of this vulnerability is denial of service for the RPKI data that Routinator provides to routers. This may stop your network from validating route origins based on RPKI data. This vulnerability does not allow an attacker to manipulate RPKI data.

Ссылки

https://www.nlnetlabs.nl/downloads/routinator/CVE-2022-3029.txt
Vendor Advisory
https://www.nlnetlabs.nl/downloads/routinator/CVE-2022-3029.txt
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nlnetlabs:routinator:*:*:*:*:*:*:*:*

Версия от 0.9.0 (включая) до 0.11.2 (включая)

EPSS

Процентиль: 67%

0.0054

Низкий

7.5 High

CVSS3

Дефекты

CWE-241

NVD-CWE-Other

Связанные уязвимости

CVE-2022-3029

CVSS3: 7.5

debian

больше 3 лет назад

In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mi ...

GHSA-m4vx-ccrf-w399

CVSS3: 7.5

github

больше 3 лет назад

NLnet Labs Routinator has Reachable Assertion vulnerability

EPSS

Процентиль: 67%

0.0054

Низкий

7.5 High

CVSS3

Дефекты

CWE-241

NVD-CWE-Other