CVE-2021-41531 — Improper Validation of Consistency within Input in Routinator

CWE-1288 — Improper Validation of Consistency within Input CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 42.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nlnetlabs Routinator Nlnet Labs Routinator

Timeline

PublishedSep 21

Latest updateMay 24

Description

NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDnlnetlabs/routinator< 0.10.0

▶CVEListV5nlnet_labs/routinatorunspecified — 0.9.0

🔴Vulnerability Details

GHSA

GHSA-mjc7-fwvm-67h4: NLnet Labs Routinator prior to 0↗2022-05-24

▶

CVEList

Invalid RPKI data could disable Route Origin Validation on RTR clients.↗2021-09-21

▶