CVE-2020-17366

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-17366

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-17366.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-17366

Published

2020-08-05T22:15:12.277Z

Modified

2026-03-14T10:19:14.928706Z

Severity

7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate Revocation List files from the RPKI relying party's view.

References

Affected packages

Git / github.com/nlnetlabs/routinator

Affected ranges

Type

GIT

Repo

https://github.com/nlnetlabs/routinator

Events

Introduced

8c0ad679a3f00322b9b2253f7f3e65008c04367b

Last affected

6563067566b12e35ef5ee1495432802f9ca5e3c9

Fixed

f566242734574a2392a7a151bdea9ba033a6698f

Database specific

{
    "versions": [
        {
            "introduced": "0.1.0"
        },
        {
            "last_affected": "0.7.1"
        }
    ]
}

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.2.0

v0.2.1

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.4.0

v0.5.0

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.7.0

v0.7.0-rc1

v0.7.0-rc2

v0.7.0-rc3

v0.7.1

v0.7.1-rc1

v0.7.1-rc2

v0.8.0-rc1

v0.8.0-rc2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-17366.json"