CVE-2023-39915

High

NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to…

NLnet Labs·CWE-232·Published 2023-09-13

CVSS

7.5

EPSS

0.01

KEV

Exploits

Vendor statements (1)

nlnetlabs.nl

cve.orgen

211 chars

NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914.

NVDes

246 chars

El Routinator de NLnet Labs hasta la versión 0.12.1 incluida puede fallar al intentar analizar ciertos objetos RPKI con formato incorrecto. Esto se debe a una verificación de entrada insuficiente en la biblioteca bder cubierta por CVE-2023-39914.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Primary	cve.org	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Secondary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H