PT-2022-20049 · Nlnet · Routinator

Donika Mirdita +1 · Published 2022-09-13 · Updated 2022-09-16 · CVE-2022-3029

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

NLnet Labs Routinator versions 0.9.0 through 0.11.2

Description

The issue arises from a mistake in error handling: data in RRDP snapshot and delta files that is not correctly Base64 encoded is treated as a fatal error, causing Routinator to exit. This can lead to a denial of service for the RPKI data that Routinator provides to routers, potentially stopping networks from validating route origins based on RPKI data. However, this issue does not allow an attacker to manipulate RPKI data.

Recommendations

For NLnet Labs Routinator versions 0.9.0 through 0.11.2, consider updating to a version in which this error handling issue is fixed, as the affected versions can exit when RRDP files contain incorrectly Base64 encoded data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
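
The error-handling pattern the description refers to, as an added Rust example (not Routinator's code): a Base64 failure in one repository's RRDP data becomes an error value scoped to that repository, and the remaining repositories are still processed. The function names, repository names and payloads are constructed for illustration.

```rust
// Added illustration with hypothetical names; this is not Routinator's code.
const ALPHABET: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/// Base64 decoder (standard alphabet); bad characters, length or padding yield None.
fn b64_decode(text: &str) -> Option<Vec<u8>> {
    let src: Vec<u8> = text.bytes().filter(|b| !b.is_ascii_whitespace()).collect();
    if src.len() % 4 != 0 { return None; }
    let (mut out, last) = (Vec::new(), src.len() / 4);
    for (i, quad) in src.chunks(4).enumerate() {
        let pad = quad.iter().rev().take_while(|&&b| b == b'=').count();
        if pad > 2 || (pad > 0 && i + 1 != last) { return None; }
        let mut n: u32 = 0;
        for &b in &quad[..4 - pad] {
            n = (n << 6) | ALPHABET.iter().position(|&c| c == b)? as u32;
        }
        n <<= 6 * pad as u32;
        out.extend_from_slice(&[(n >> 16) as u8, (n >> 8) as u8, n as u8][..3 - pad]);
    }
    Some(out)
}

/// Decode every <publish> payload of one repository's snapshot. Malformed data
/// is returned as an Err value for the caller; it never panics or exits.
fn load_snapshot(publishes: &[(&str, &str)]) -> Result<usize, String> {
    publishes.iter().try_fold(0usize, |total, (uri, payload)| match b64_decode(payload) {
        Some(der) => Ok(total + der.len()),
        None => Err(format!("invalid Base64 in {}", uri)),
    })
}

/// Update every repository: a bad snapshot skips that repository only, and the
/// remaining ones are still processed. Returns (updated, skipped) names.
fn update_all(repos: &[(&str, Vec<(&str, &str)>)]) -> (Vec<String>, Vec<String>) {
    let (mut updated, mut skipped) = (Vec::new(), Vec::new());
    for (name, publishes) in repos {
        match load_snapshot(publishes) {
            Ok(_) => updated.push(name.to_string()),
            Err(why) => skipped.push(format!("{}: {}", name, why)),
        }
    }
    (updated, skipped)
}

fn main() {
    // Constructed sample: repo-b carries a payload that is not valid Base64.
    let repos = [("repo-a", vec![("rsync://a.example/ca.cer", "MIIB")]),
                 ("repo-b", vec![("rsync://b.example/x.roa", "MI*B")]),
                 ("repo-c", vec![("rsync://c.example/m.mft", "AQID")])];
    println!("{:?}", update_all(&repos));
}
```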

Weakness Enumeration

Assertion Failure

Related Identifiers

CVE-2022-3029
GHSA-M4VX-CCRF-W399

Affected Products

Routinator