PT-2021-23320 · Nlnet · Nlnet Labs Routinator

Job Snijders · Published 2021-09-21 · Updated 2021-10-05 · CVE-2021-41531

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

NLnet Labs Routinator versions prior to 0.10.0

Description

The issue arises when an RPKI CA uses excessively large values in the max-length parameter within a ROA, causing NLnet Labs Routinator to produce an invalid RTR payload. This results in RTR clients, such as routers, rejecting the RPKI data set, which effectively disables Route Origin Validation.

Recommendations

For versions prior to 0.10.0, update to version 0.10.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of large values in the max-length parameter in ROAs to prevent the production of invalid RTR payloads until a patch is applied.
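
The check below is an added example, not Routinator's code or its actual fix. It shows one way to reject ROA prefix entries whose max-length falls outside the RFC 6482 bounds (prefix length <= max-length <= 32 for IPv4, 128 for IPv6) before they reach an RTR payload. The names `RoaPrefix`, `MaxLenError`, `effective_max_len`, `rejected` and `sample` are hypothetical, and the sample entries are constructed from documentation prefixes.

```rust
use std::net::IpAddr;

/// One prefix entry decoded from a ROA (hypothetical type for this example).
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct RoaPrefix {
    pub addr: IpAddr,
    pub prefix_len: u32,
    pub max_len: Option<u32>, // None: maxLength absent, so it equals prefix_len
}

#[derive(Debug, PartialEq)]
pub enum MaxLenError {
    PrefixTooLong,  // prefix_len exceeds the address family width
    BelowPrefixLen, // max_len < prefix_len
    ExceedsFamily,  // max_len > 32 (IPv4) or > 128 (IPv6)
}

/// Effective max-length if prefix_len <= max_len <= family width (RFC 6482).
pub fn effective_max_len(p: &RoaPrefix) -> Result<u8, MaxLenError> {
    let family_bits: u32 = if p.addr.is_ipv4() { 32 } else { 128 };
    match p.max_len.unwrap_or(p.prefix_len) {
        _ if p.prefix_len > family_bits => Err(MaxLenError::PrefixTooLong),
        m if m < p.prefix_len => Err(MaxLenError::BelowPrefixLen),
        m if m > family_bits => Err(MaxLenError::ExceedsFamily),
        m => Ok(m as u8), // safe narrowing: m <= 128 here
    }
}

/// Entries that must not be exported over RTR, with the reason, for logging.
pub fn rejected(entries: &[RoaPrefix]) -> Vec<(RoaPrefix, MaxLenError)> {
    entries.iter().filter_map(|e| effective_max_len(e).err().map(|err| (*e, err))).collect()
}

/// Constructed sample entries (documentation prefixes, not real ROA data).
pub fn sample() -> Vec<RoaPrefix> {
    vec![
        RoaPrefix { addr: "192.0.2.0".parse().unwrap(), prefix_len: 24, max_len: Some(24) },
        RoaPrefix { addr: "192.0.2.0".parse().unwrap(), prefix_len: 24, max_len: Some(33) },
        RoaPrefix { addr: "2001:db8::".parse().unwrap(), prefix_len: 32, max_len: Some(129) },
        RoaPrefix { addr: "2001:db8::".parse().unwrap(), prefix_len: 32, max_len: None },
    ]
}

fn main() {
    let bad = rejected(&sample());
    println!("rejected {} of {} entries: {:?}", bad.len(), sample().len(), bad);
}
```

Dropping a single out-of-range entry keeps the remaining data set exportable, which matters here because RTR clients reject the whole RPKI data set when the payload is invalid.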

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2021-41531

Affected Products

Nlnet Labs Routinator