PT-2023-16047 · Nlnet · Nlnet Labs Krill

Kittensaredabest · Published 2023-01-17 · Updated 2023-01-25 · CVE-2023-0158

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: NLnet Labs Krill versions prior to 0.12.1

Description: The issue arises when a direct query is made for an existing directory under the "/rrdp/" endpoint, rather than for an RRDP file, causing the server to crash. If the built-in "/rrdp" endpoint is exposed directly to the internet, remote parties can use this to crash the publication server, affecting its availability but not the repository content itself.

Recommendations: For versions prior to 0.12.1, update to version 0.12.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/rrdp" endpoint so that such queries cannot reach the server and crash it.

Related Identifiers: CVE-2023-0158

Affected Products: Nlnet Labs Krill