Skip to main content

Routinator CVE-2023-39916

MEDIUM
Path Traversal: '.../...//' (CWE-35)
2023-09-13 sep@nlnetlabs.nl
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 13, 2023 - 15:15 nvd
MEDIUM 6.5

DescriptionNVD

NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 as well as 0.14.0 up to and including 0.14.2 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitation of the URL, it is possible for an attacker to craft a URL that results in the response being stored outside of the directory specified for it.

AnalysisAI

NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 as well as 0.14.0 up to and including 0.14.2 contains a possible path traversal vulnerability in the optional, off-by-default. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-35. NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 as well as 0.14.0 up to and including 0.14.2 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitation of the URL, it is possible for an attacker to craft a URL that results in the response being stored outside of the directory specified for it. Affected products include: Nlnetlabs Routinator.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-17366 HIGH POC
7.4 Aug 05

An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. Rated high severity (CVSS 7.4), this vulnerability

CVE-2026-49235 HIGH
8.7 Jun 08

Denial of service in NLnet Labs Routinator allows remote attackers to crash the RPKI validator by serving a crafted Docu

CVE-2026-49232 HIGH
8.7 Jun 08

Denial of service in NLnet Labs Routinator allows remote unauthenticated attackers to crash the daemon by opening a larg

CVE-2026-49233 HIGH
8.3 Jun 08

Path traversal in NLnet Labs Routinator allows remote attackers to escape the rsync cache directory by supplying rsync U

CVE-2026-49234 HIGH
8.2 Jun 08

Denial of service in NLnet Labs Routinator (an RPKI Relying Party software) allows remote attackers to crash the daemon

CVE-2024-1622 HIGH
7.5 Feb 26

Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too q

CVE-2023-39915 HIGH
7.5 Sep 13

NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects.

CVE-2022-3029 HIGH
7.5 Sep 13

In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and

CVE-2021-43174 HIGH
7.5 Nov 09

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP r

CVE-2021-43173 HIGH
7.5 Nov 09

In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not ans

CVE-2021-43172 HIGH
7.5 Nov 09

NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to ne

CVE-2021-41531 HIGH
7.5 Sep 21

NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length

Share

CVE-2023-39916 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy