Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2022-3029

UNKNOWN
Published 2022-09-13T15:17:57.226892Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-3029. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. Worst case impact of this vulnerability is denial of service for the RPKI data that Routinator provides to routers. This may stop your network from validating route origins based on RPKI data. This vulnerability does not allow an attacker to manipulate RPKI data.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

NLnet Labs

Routinator

Affected Versions:

unspecified

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

NLnet Labs Routinator has Reachable Assertion vulnerability

GHSA-m4vx-ccrf-w399

Advisory Details

In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files which are not correctly base 64 encoded are treated as a fatal error and causes Routinator to exit. Worst case impact of this vulnerability is denial of service for the RPKI data that Routinator provides to routers. This may stop your network from validating route origins based on RPKI data. This vulnerability does not allow an attacker to manipulate RPKI data.

Affected Packages

crates.io routinator
ECOSYSTEM: ≥0.9.0 <0.11.3

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-3029
WEB https://github.com/NLnetLabs/routinator/pull/781/commits/c2e2476f28f09ea5ffb22d172d84fb4f8384d496
PACKAGE https://github.com/NLnetLabs/routinator
WEB https://github.com/NLnetLabs/routinator/releases/tag/v0.11.3
WEB https://www.nlnetlabs.nl/downloads/routinator/CVE-2022-3029.txt

Advisory provided by GitHub Security Advisory Database. Published: September 14, 2022, Modified: September 20, 2022

References

https://www.nlnetlabs.nl/downloads/routinator/CVE-2022-3029.txt
Published: 2022-09-13T15:17:57.226892Z
Last Modified: 2024-09-16T17:49:23.765Z
Copied to clipboard!