Termination of RTR Connections Due to Incoming Reset
CVE-2024-1622

7.5HIGH

Key Information:

Vendor: Nlnet Labs
Status: Routinator
Vendor: CVE Published:; 26 February 2024

What is CVE-2024-1622?

The identified vulnerability in Routinator arises from a flaw in its error handling mechanisms. Specifically, when an RTR connection is reset by the peer immediately after establishment, Routinator fails to manage the situation appropriately, resulting in an unexpected termination of the application. This behavior could lead to availability issues for services relying on Routinator, impacting users and organizations that depend on this tool for internet routing information. Proper mitigation measures should be taken to avoid disruptions caused by this vulnerability.

Affected Version(s)

Routinator 0.13.2

References

https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-16...

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-ann...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 26, 2024
Vulnerability Reserved
Feb 19, 2024

Credit

Yohei Nishimura, Atsushi Enomoto, Ruka Miyachi; Internet Multifeed Co., Japan

CVE-2024-1622 Data

JSON

Nlnet Labs

What is CVE-2024-1622?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit