
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Jan 2023 — NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Prior to 0.12.1, a direct query for any existing directory under "/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml" as would be expected, causes Krill to crash. If the built-in "/rrdp" endpoint is exposed directly to the internet, then malicious remote parties can cause the publication server to crash. The repository content is not affected by this, but the availabi... • https://www.nlnetlabs.nl/downloads/krill/CVE-2023-0158.txt • CWE-248: Uncaught Exception