Routinator Denial-of-Service Vulnerability Due to Unchecked File Name Characters in RPKI Manifests

Vulnerability

A denial-of-service vulnerability has been identified in Routinator 0.14.0 and earlier versions. File names within an RPKI manifest are not properly checked for non-ASCII characters. Later code assumes the file names have already been validated and panics when it encounters illegal characters, which crashes Routinator.
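
The failure mode described above, checking late and panicking, is avoided by validating each name once at the parsing boundary and returning an error. The following is an added example, not Routinator's code: all function and type names are hypothetical, the accepted name shape follows RFC 9286 section 4.2.2, and the sample entries are constructed.

```rust
// Added illustration with hypothetical names; not Routinator's code.
// Anti-pattern being avoided: later code calling from_utf8(raw).unwrap()
// because it assumes manifest file names were already checked.

#[derive(Debug, PartialEq)]
pub enum NameError {
    NonAscii(usize),     // offset of the first byte outside 7-bit ASCII
    BadCharacter(usize), // offset of a disallowed ASCII byte in the stem
    BadShape,            // not "<stem>.<three letters>"
}

/// Check one fileList name where it is parsed and return an error, never panic.
/// Shape per RFC 9286 section 4.2.2: one or more of [A-Za-z0-9_-], one '.',
/// then a three-letter extension (the extension registry lookup is omitted).
pub fn check_manifest_file_name(raw: &[u8]) -> Result<&str, NameError> {
    if let Some(pos) = raw.iter().position(|b| !b.is_ascii()) {
        return Err(NameError::NonAscii(pos));
    }
    let dot = raw.iter().rposition(|&b| b == b'.').ok_or(NameError::BadShape)?;
    let (stem, ext) = (&raw[..dot], &raw[dot + 1..]);
    if stem.is_empty() || ext.len() != 3 || !ext.iter().all(|b| b.is_ascii_alphabetic()) {
        return Err(NameError::BadShape);
    }
    let allowed = |b: &u8| b.is_ascii_alphanumeric() || *b == b'-' || *b == b'_';
    if let Some(pos) = stem.iter().position(|b| !allowed(b)) {
        return Err(NameError::BadCharacter(pos));
    }
    // Every byte is ASCII at this point, so the conversion cannot fail.
    std::str::from_utf8(raw).map_err(|_| NameError::BadShape)
}

/// In this sketch one bad name rejects the whole manifest; the caller treats
/// that like any other invalid object instead of crashing the validation run.
pub fn check_file_list<'a>(names: &[&'a [u8]]) -> Result<Vec<&'a str>, (usize, NameError)> {
    names.iter().enumerate()
        .map(|(i, &n)| check_manifest_file_name(n).map_err(|e| (i, e)))
        .collect()
}

fn main() {
    // Constructed sample entries; the second contains non-ASCII bytes.
    let entries: [&[u8]; 3] = [b"example-1.roa", b"caf\xc3\xa9.cer", b"a.b.crl"];
    for e in entries.iter() {
        println!("{:?} -> {:?}", String::from_utf8_lossy(e), check_manifest_file_name(e));
    }
}
```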

Impact

Exploitation of this vulnerability causes Routinator to crash, disrupting its operation.

Remediation

Users are advised to upgrade to Routinator version 0.14.1 or newer.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.