// For flags

CVE-2023-0158

Triggered crash on direct RRDP access

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Prior to 0.12.1 a direct query for any existing directory under "/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml" as would be expected, causes Krill to crash. If the built-in "/rrdp" endpoint is exposed directly to the internet, then malicious remote parties can cause the publication server to crash. The repository content is not affected by this, but the availability of the server and repository can cause issues if this attack is persistent and is not mitigated.

NLnet Labs Krill admite el acceso directo al contenido del repositorio RRDP a través de su servidor web integrado en el endpoint "/rrdp". Antes de 0.12.1, una consulta directa a cualquier directorio existente en "/rrdp/", en lugar de un archivo RRDP como "/rrdp/notification.xml" como se esperaría, provocaba que Krill fallara. Si el endpoint integrado "/rrdp" se expone directamente a Internet, partes remotas maliciosas pueden provocar que el servidor de publicación falle. El contenido del repositorio no se ve afectado por esto, pero la disponibilidad del servidor y el repositorio puede causar problemas si este ataque es persistente y no se mitiga.

*Credits: We would like to thank user KittensAreDaBest on GitHub for the discovery and disclosure.
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-01-10 CVE Reserved
  • 2023-01-17 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-08-09 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-248: Uncaught Exception
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Nlnetlabs
Search vendor "Nlnetlabs"
Krill
Search vendor "Nlnetlabs" for product "Krill"
< 0.12.1
Search vendor "Nlnetlabs" for product "Krill" and version " < 0.12.1"
-
Affected