CVE-2021-41531

EPSS 0.35%
Published 21.09.2021 14:15:07
Last modified 21.11.2024 06:26:21
Source sep@nlnetlabs.nl
Teams watchlist Login
Open Login

NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Nlnetlabs ≫ Routinator Version < 0.10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.35%	0.545

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-1288 Improper Validation of Consistency within Input

The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-41531.txt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-41531

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-41531

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-41531

EUVD