CVE-2020-16164
HIGHRIPE NCC RPKI Validator 3.x < 3.1-2020.07.06.14.28 - Improper Certificate Validation
Title source: llmDescription
An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate Revocation List files from the RPKI relying party's view. NOTE: some third parties may regard this as a preferred behavior, not a vulnerability
References (3)
Core 3
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/RIPE-NCC/rpki-validator-3/issues/232
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/RIPE-NCC/rpki-validator-3/issues/158
Third Party Advisory x_refsource_misc
https://github.com/RIPE-NCC/rpki-validator-3/security/advisories/GHSA-q76j-58cx-wp5v
Scores
CVSS v3
7.4
EPSS
0.0091
EPSS Percentile
55.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-295
Status
published
Products (1)
ripe/rpki_validator_3
3.0 - 3.1-2020.07.06.14.28
Published
Jul 30, 2020
Tracked Since
Feb 18, 2026