CVE-2022-24798

Name of the Vulnerable Software and Affected Versions IR Rd versions 4.2.0 through 4.2.2

Description The issue is related to the Internet Routing Registry daemon version 4, which is an IRR database server processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to mntner objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perform a brute-force search for the clear-text passphrase, and use these to make unauthorized changes to affected IRR objects. The issue only affected instances that process password hashes, which means it is limited to IRRd instances that serve authoritative databases. IRRd instances operating solely as mirrors of other IRR databases are not affected.

Recommendations For IRRd versions 4.2.0 through 4.2.2, users are strongly recommended to upgrade to version 4.2.3 or the main branch. As a temporary workaround, consider restricting access to the auth field on mntner objects and the objectText field on the journal field on mntner objects to minimize the risk of exploitation. Alternatively, but not recommended, apply the patch manually for version 4.2.x.