CVE-2024-1622 - Vulnerability Details - OpenCVE

Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Fedoraproject	Fedora
Nlnetlabs	Routinator

Configuration 1 [-]

cpe:2.3:a:nlnetlabs:routinator:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*
	cpe:2.3:o:fedoraproject:fedora:40:::::::*

No data.

References

Link	Providers
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HPRUIPAI2BBDGFVLN733JLIUJWLEBLF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K52QRRYBHLP73RAS3CGOPBWYT7EZVP6O/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N2N3N3SNBHSH7GN3JOLR7YUF5FCTQQ5O/
https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt

History

Thu, 27 Feb 2025 03:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fedoraproject Fedoraproject fedora Nlnetlabs Nlnetlabs routinator
Weaknesses		CWE-754
CPEs		cpe:2.3:a:nlnetlabs:routinator:::::::: cpe:2.3:o:fedoraproject:fedora:38:::::::* cpe:2.3:o:fedoraproject:fedora:39:::::::* cpe:2.3:o:fedoraproject:fedora:40:::::::*
Vendors & Products		Fedoraproject Fedoraproject fedora Nlnetlabs Nlnetlabs routinator

Thu, 13 Feb 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: NLnet Labs

Published: 2024-02-26T13:35:51.909Z

Updated: 2025-02-13T17:32:19.432Z

Reserved: 2024-02-19T11:06:37.459Z

Link: CVE-2024-1622

Vulnrichment

Updated: 2024-08-01T18:48:21.895Z

NVD

Status : Analyzed

Published: 2024-02-26T16:27:52.387

Modified: 2025-02-27T03:05:58.637

Link: CVE-2024-1622

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1622", "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "state": "PUBLISHED", "assignerShortName": "NLnet Labs", "dateReserved": "2024-02-19T11:06:37.459Z", "datePublished": "2024-02-26T13:35:51.909Z", "dateUpdated": "2025-02-13T17:32:19.432Z"}, "containers": {"cna": {"title": "Routinator terminates when RTR connection is reset too quickly after opening", "datePublic": "2024-02-26T00:00:00.000Z", "affected": [{"vendor": "NLnet Labs", "product": "Routinator", "versions": [{"version": "0.13.2", "status": "unaffected", "lessThan": "*", "versionType": "semver"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening."}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-253", "description": "CWE-253 Incorrect Check of Function Return Value", "type": "CWE"}]}], "solutions": [{"lang": "en", "value": "This issue is fixed in 0.13.2 and all later versions."}], "timeline": [{"time": "2024-02-13T00:00:00.000Z", "lang": "en", "value": "Issue reported"}, {"time": "2024-02-26T00:00:00.000Z", "lang": "en", "value": "Fixes released"}], "credits": [{"lang": "en", "value": "Yohei Nishimura, Atsushi Enomoto, Ruka Miyachi; Internet Multifeed Co., Japan", "type": "finder"}], "references": [{"url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K52QRRYBHLP73RAS3CGOPBWYT7EZVP6O/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N2N3N3SNBHSH7GN3JOLR7YUF5FCTQQ5O/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HPRUIPAI2BBDGFVLN733JLIUJWLEBLF/"}], "providerMetadata": {"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "shortName": "NLnet Labs", "dateUpdated": "2024-03-23T02:06:43.815Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1622", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-27T16:04:33.625005Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:22:01.305Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:48:21.895Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K52QRRYBHLP73RAS3CGOPBWYT7EZVP6O/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N2N3N3SNBHSH7GN3JOLR7YUF5FCTQQ5O/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HPRUIPAI2BBDGFVLN733JLIUJWLEBLF/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K52QRRYBHLP73RAS3CGOPBWYT7EZVP6O/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N2N3N3SNBHSH7GN3JOLR7YUF5FCTQQ5O/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HPRUIPAI2BBDGFVLN733JLIUJWLEBLF/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:48:21.895Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1622", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-27T16:04:33.625005Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:40.959Z"}}], "cna": {"title": "Routinator terminates when RTR connection is reset too quickly after opening", "credits": [{"lang": "en", "type": "finder", "value": "Yohei Nishimura, Atsushi Enomoto, Ruka Miyachi; Internet Multifeed Co., Japan"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NLnet Labs", "product": "Routinator", "versions": [{"status": "unaffected", "version": "0.13.2", "lessThan": "*", "versionType": "semver"}], "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-02-13T00:00:00.000Z", "value": "Issue reported"}, {"lang": "en", "time": "2024-02-26T00:00:00.000Z", "value": "Fixes released"}], "solutions": [{"lang": "en", "value": "This issue is fixed in 0.13.2 and all later versions."}], "datePublic": "2024-02-26T00:00:00.000Z", "references": [{"url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K52QRRYBHLP73RAS3CGOPBWYT7EZVP6O/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N2N3N3SNBHSH7GN3JOLR7YUF5FCTQQ5O/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HPRUIPAI2BBDGFVLN733JLIUJWLEBLF/"}], "descriptions": [{"lang": "en", "value": "Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-253", "description": "CWE-253 Incorrect Check of Function Return Value"}]}], "providerMetadata": {"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "shortName": "NLnet Labs", "dateUpdated": "2024-03-23T02:06:43.815Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1622", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:32:19.432Z", "dateReserved": "2024-02-19T11:06:37.459Z", "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "datePublished": "2024-02-26T13:35:51.909Z", "assignerShortName": "NLnet Labs"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nlnetlabs:routinator:*:*:*:*:*:*:*:*", "matchCriteriaId": "68B8FBA1-FBA2-4A41-AB57-E2880A02879E", "versionEndExcluding": "0.13.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening."}, {"lang": "es", "value": "Debido a un error en la verificaci\u00f3n de errores, Routinator finalizar\u00e1 cuando el interlocutor restablezca una conexi\u00f3n RTR entrante demasiado r\u00e1pido despu\u00e9s de abrirla."}], "id": "CVE-2024-1622", "lastModified": "2025-02-27T03:05:58.637", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "sep@nlnetlabs.nl", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-26T16:27:52.387", "references": [{"source": "sep@nlnetlabs.nl", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HPRUIPAI2BBDGFVLN733JLIUJWLEBLF/"}, {"source": "sep@nlnetlabs.nl", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K52QRRYBHLP73RAS3CGOPBWYT7EZVP6O/"}, {"source": "sep@nlnetlabs.nl", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N2N3N3SNBHSH7GN3JOLR7YUF5FCTQQ5O/"}, {"source": "sep@nlnetlabs.nl", "tags": ["Vendor Advisory"], "url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HPRUIPAI2BBDGFVLN733JLIUJWLEBLF/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K52QRRYBHLP73RAS3CGOPBWYT7EZVP6O/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N2N3N3SNBHSH7GN3JOLR7YUF5FCTQQ5O/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt"}], "sourceIdentifier": "sep@nlnetlabs.nl", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-253"}], "source": "sep@nlnetlabs.nl", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Secondary"}]}