Lines 1-3
1 |
<vuln vid="e4133d8b-ab33-451a-bc68-3719de73d54a"> |
2 |
<topic>routinator -- potential DOS attack</topic> |
3 |
<affects> |
4 |
<package> |
5 |
<name>routinator</name> |
6 |
<range><ge>0.9.0</ge><lt>0.11.3</lt></range> |
7 |
</package> |
8 |
</affects> |
9 |
<description> |
10 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
11 |
<p> |
12 |
Due to a mistake in error handling, data in RRDP snapshot and delta files |
13 |
that isn’t correctly base 64 encoded is treated as a fatal error and causes |
14 |
Routinator to exit. |
15 |
|
16 |
Worst case impact of this vulnerability is denial of service for the RPKI |
17 |
data that Routinator provides to routers. This may stop your network from |
18 |
validating route origins based on RPKI data. This vulnerability does not |
19 |
allow an attacker to manipulate RPKI data. We are not aware of exploitation |
20 |
of this vulnerability at this point in time. |
21 |
|
22 |
Starting with release 0.11.3, Routinator handles encoding errors by rejecting |
23 |
the snapshot or delta file and continuing with validation. In case of an |
24 |
invalid delta file, it will try using the snapshot instead. If a snapshot file |
25 |
is invalid, the update of the repository will fail and an update through rsync |
26 |
is attempted. |
27 |
</p> |
28 |
<blockquote cite="https://www.cvedetails.com/cve/CVE-2022-3029/"> |
29 |
<p>.</p> |
30 |
</blockquote> |
31 |
</body> |
32 |
</description> |
33 |
<references> |
34 |
<cvename>CVE-2022-3029</cvename> |
35 |
<url>https://nlnetlabs.nl/downloads/routinator/CVE-2022-3029.txt</url> |
36 |
</references> |
37 |
<dates> |
38 |
<discovery>2022-10-06</discovery> |
39 |
<entry>2022-10-07</entry> |
40 |
</dates> |
41 |
</vuln> |
42 |
|
1 |
<vuln vid="f4f15051-4574-11ed-81a1-080027881239"> |
43 |
<vuln vid="f4f15051-4574-11ed-81a1-080027881239"> |
2 |
<topic>Django -- multiple vulnerabilities</topic> |
44 |
<topic>Django -- multiple vulnerabilities</topic> |
3 |
<affects> |
45 |
<affects> |
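Review bot: The blockquote at new lines 28-30 contains only "<p>.</p>" and cites cvedetails.com, while the actual advisory text sits in a bare <p> above it (new lines 11-27). If that text is quoted from the NLnet Labs advisory already listed under <references>, move it inside the blockquote and point the cite attribute at that URL instead of leaving a placeholder paragraph. The blank lines at new lines 15 and 21 also sit inside a single <p>, so the three paragraphs will render as one run of text; give each its own <p>. Minor: "isn’t" at new line 13 uses a typographic apostrophe where the rest of the entry is plain ASCII, and the topic at new line 2 spells the abbreviation "DOS" rather than "DoS".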