Note:
This project will be discontinued after December 13, 2021. [more]
2020-08-05
An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate Revocation List files from the RPKI relying party's view.
Products | Routinator |
Type | Improper Certificate Validation (CWE-295) |
First patch | - None (likely due to unavailable code) |
Links |
• https://github.com/NLnetLabs/routinator/releases/tag/v0.8.0
• https://github.com/NLnetLabs/routinator/issues/319 |