In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files which are not correctly base 64 encoded are treated as a fatal error and causes Routinator to exit. Worst case impact of this vulnerability is denial of service for the RPKI data that Routinator provides to routers. This may stop your network from validating route origins based on RPKI data. This vulnerability does not allow an attacker to manipulate RPKI data.

Affected Packages

crates.io routinator

Affected versions: 0.9.0 (fixed in 0.11.3)

Related CVEs

CVE-2022-3029

Key Information

GHSA ID

GHSA-m4vx-ccrf-w399

Published

September 14, 2022 12:00 AM

Last Modified

September 20, 2022 6:15 PM

CVSS Score

7.5 /10

Primary Ecosystem

crates.io

Primary Package

routinator

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 12, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.