CVE-2020-17366

Published: Aug 5, 2020Modified: Nov 21, 2024

7.4

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Exploitability: 2.2 / Impact: 5.2

Source: NVD

Description

An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate Revocation List files from the RPKI relying party's view.

Affected (1)

Products: Nlnetlabs: Routinator

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nlnetlabs Routinator	From 0.1.0 to 0.7.1

Related CWEs

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (4)

https://github.com/NLnetLabs/routinator/issues/319

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/NLnetLabs/routinator/releases/tag/v0.8.0

Source: cve@mitre.org

Release NotesThird Party Advisory

https://github.com/NLnetLabs/routinator/issues/319

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://github.com/NLnetLabs/routinator/releases/tag/v0.8.0

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

Timeline

No history available yet.