CVE-2023-39915— Crashes on parsing certain invalid RPKI objects
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-39915
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Crashes on parsing certain invalid RPKI objects
Source: NVD (National Vulnerability Database)
Vulnerability Description
NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未定义值处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
NLnet Labs Routinator 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
NLnet Labs Routinator是荷兰NLnet Labs团队的一款使用Rust语言编写的RPKI(资源公钥基础设施)验证器。 NLnet Labs Routinator 0.12.1及之前版本存在安全漏洞,该漏洞源于输入检查不足,在尝试解析某些格式错误的RPKI对象时可能会崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| NLnet Labs | Routinator | * ~ 0.12.2 | - |
II. Public POCs for CVE-2023-39915
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-39915
请登录查看更多情报信息。
- https://nlnetlabs.nl/downloads/routinator/CVE-2023-39915.txtvendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39915
Same Patch Batch · NLnet Labs · 2023-09-13 · 3 CVEs total
| CVE-2023-39916 | 9.3 CRITICAL | Possible path traversal when storing RRDP responses |
| CVE-2023-39914 | 7.5 HIGH | BER/CER/DER decoder panics on invalid input |
IV. Related Vulnerabilities
Same product: Routinator
- CVE-2025-0638
Routinator crashes when illegal characters are present in ma - CVE-2024-1622
Routinator terminates when RTR connection is reset too quick - CVE-2023-39916
Possible path traversal when storing RRDP responses - CVE-2022-3029
Fatal error on incorrect base64 data in RRDP - CVE-2021-43174
gzip transfer encoding caused out-of-memory crash
Same vendor: NLnet Labs
- CVE-2025-11411
Possible domain hijacking via promiscuous records in the aut - CVE-2025-5994
Cache poisoning via the ECS-enabled Rebirthday Attack - CVE-2025-0638
Routinator crashes when illegal characters are present in ma - CVE-2024-8508
Unbounded name compression could lead to Denial of Service - CVE-2024-1931
Denial of service when trimming EDE text on positive replies
V. Comments for CVE-2023-39915
No comments yet