Source: ubuntucve (Ubuntu.com), ID UB:CVE-2021-43173
History: Nov 09, 2021 - 12:00 a.m.

CVE-2021-43173

Tags: nlnet labs routinator, validation delay, rrdp repository, time-out, stall, debian bug, unix

CVSS2: 5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.002
Percentile: 54.9%

In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed
significantly by an RRDP repository by not answering but slowly
drip-feeding bytes to keep the connection alive. This can be used to
effectively stall validation. While Routinator has a configurable time-out
value for RRDP connections, this time-out was only applied to individual
read or write operations rather than the complete request. Thus, if an RRDP
repository sends a little bit of data before that time-out expires, it can
continuously extend the time it takes for the request to finish. Since
validation will only continue once the update of an RRDP repository has
concluded, this delay will cause validation to stall, leading to Routinator
continuing to serve the old data set or, if in the initial validation run
directly after starting, never serve any data at all.
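
The difference between a per-operation time-out and a whole-request deadline, as an added example on a virtual clock (this is not Routinator's code). The names Chunk, fetch and drip_feed and the 10 s / 300 s / 9 s values are assumptions made for the illustration.

```rust
use std::time::Duration;

/// Constructed model of one read: the peer waits `gap`, then sends `len` bytes.
#[derive(Clone, Copy)]
pub struct Chunk { pub gap: Duration, pub len: usize }

#[derive(Debug, PartialEq)]
pub enum Outcome {
    Done { elapsed: Duration, bytes: usize },
    OpTimeout { elapsed: Duration },                      // one read waited too long
    DeadlineExceeded { elapsed: Duration, bytes: usize }, // whole request took too long
}

/// Replays `chunks` on a virtual clock. `deadline = None` models a time-out
/// applied to individual reads only; `Some(d)` also bounds the whole request.
pub fn fetch(chunks: &[Chunk], op_timeout: Duration, deadline: Option<Duration>) -> Outcome {
    let mut elapsed = Duration::ZERO;
    let mut bytes = 0usize;
    for c in chunks {
        let arrival = elapsed + c.gap;
        let op_expiry = elapsed + op_timeout;
        if let Some(d) = deadline {
            // The deadline fires first if it precedes both the data and the read time-out.
            if d < arrival && d <= op_expiry {
                return Outcome::DeadlineExceeded { elapsed: d, bytes };
            }
        }
        if c.gap > op_timeout {
            return Outcome::OpTimeout { elapsed: op_expiry };
        }
        // Data arrived in time, so the per-read timer starts over for the next read.
        elapsed = arrival;
        bytes += c.len;
    }
    Outcome::Done { elapsed, bytes }
}

/// Constructed drip-feed: `n` single-byte chunks, each sent just inside the read time-out.
pub fn drip_feed(n: usize, gap: Duration) -> Vec<Chunk> {
    vec![Chunk { gap, len: 1 }; n]
}

fn main() {
    let (op, total) = (Duration::from_secs(10), Duration::from_secs(300)); // assumed values
    let body = drip_feed(1000, Duration::from_secs(9));
    println!("per-read only: {:?}", fetch(&body, op, None));
    println!("with deadline: {:?}", fetch(&body, op, Some(total)));
}
```

With only the per-read time-out, the 1000-byte constructed response holds the request open for 9000 seconds without ever tripping the 10-second limit; the whole-request deadline ends it at 300 seconds.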

Bugs

OS      Version  Architecture  Package         Version  Filename
ubuntu  20.04    noarch        fort-validator  < any    UNKNOWN
