An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate Revocation List files from the RPKI relying party's view.
References
Link | Resource |
---|---|
https://github.com/NLnetLabs/routinator/issues/319 | Exploit Issue Tracking Third Party Advisory |
https://github.com/NLnetLabs/routinator/releases/tag/v0.8.0 | Release Notes Third Party Advisory |
Configurations
History
27 Jan 2023, 21:01
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/NLnetLabs/routinator/issues/319 - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://github.com/NLnetLabs/routinator/releases/tag/v0.8.0 - Release Notes, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 7.4 |
Information
Published : 2020-08-05 22:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-17366
Mitre link : CVE-2020-17366
CVE.ORG link : CVE-2020-17366
JSON object : View
Products Affected
nlnetlabs
- routinator
CWE
CWE-295
Improper Certificate Validation