CVE-2023-39915
High
Published: 13 September 2023
Modified: 21 November 2024
KEV Added: —
Patch: —
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0043 (63.2th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2023-39915 is a high-severity Improper Handling of Undefined Values (CWE-232) vulnerability in NLnet Labs Routinator. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 36.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-43613
Vulnerability details
NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Vendor: nlnetlabs
Product: routinator
Version: ≤ 0.12.2
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.