CVE-2023-39915

EUVD-2023-43613
NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
NLnet LabsCNA
7.5 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
nlnetlabsroutinator
𝑥
< 0.12.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://nlnetlabs.nl/downloads/routinator/CVE-2023-39915.txt
https://nlnetlabs.nl/downloads/routinator/CVE-2023-39915.txt