CVE-2023-39915

EPSS 0.35%
Published 13.09.2023 15:15:07
Last modified 21.11.2024 08:16:01
Source sep@nlnetlabs.nl
Teams watchlist Login
Open Login

NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Nlnetlabs ≫ Routinator Version < 0.12.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.35%	0.562

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
sep@nlnetlabs.nl	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-232 Improper Handling of Undefined Values

The product does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name.

CWE-240 Improper Handling of Inconsistent Structural Elements

The product does not handle or incorrectly handles when two or more structural elements should be consistent, but are not.

https://nlnetlabs.nl/downloads/routinator/CVE-2023-39915.txt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-39915

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-39915

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-39915

EUVD