CVE-2023-0158 (GCVE-0-2023-0158)

Vulnerability from cvelistv5 – Published: 2023-01-17 00:00 – Updated: 2025-04-04 18:49
VLAI?
Summary
NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Prior to 0.12.1 a direct query for any existing directory under "/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml" as would be expected, causes Krill to crash. If the built-in "/rrdp" endpoint is exposed directly to the internet, then malicious remote parties can cause the publication server to crash. The repository content is not affected by this, but the availability of the server and repository can cause issues if this attack is persistent and is not mitigated.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
NLnet Labs Krill Affected: unspecified , ≤ 0.12.0 (custom)
Create a notification for this product.
Credits
We would like to thank user KittensAreDaBest on GitHub for the discovery and disclosure.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:02:43.819Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.nlnetlabs.nl/downloads/krill/CVE-2023-0158.txt"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-0158",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-04T18:49:19.145812Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-04T18:49:52.823Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Krill",
          "vendor": "NLnet Labs",
          "versions": [
            {
              "lessThanOrEqual": "0.12.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "We would like to thank user KittensAreDaBest on GitHub for the discovery and disclosure."
        }
      ],
      "datePublic": "2023-01-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the \"/rrdp\" endpoint. Prior to 0.12.1 a direct query for any existing directory under \"/rrdp/\", rather than an RRDP file such as \"/rrdp/notification.xml\" as would be expected, causes Krill to crash. If the built-in \"/rrdp\" endpoint is exposed directly to the internet, then malicious remote parties can cause the publication server to crash. The repository content is not affected by this, but the availability of the server and repository can cause issues if this attack is persistent and is not mitigated."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248: Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-17T00:00:00.000Z",
        "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
        "shortName": "NLnet Labs"
      },
      "references": [
        {
          "url": "https://www.nlnetlabs.nl/downloads/krill/CVE-2023-0158.txt"
        }
      ],
      "title": "Triggered crash on direct RRDP access"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
    "assignerShortName": "NLnet Labs",
    "cveId": "CVE-2023-0158",
    "datePublished": "2023-01-17T00:00:00.000Z",
    "dateReserved": "2023-01-10T00:00:00.000Z",
    "dateUpdated": "2025-04-04T18:49:52.823Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nlnetlabs:krill:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.12.1\", \"matchCriteriaId\": \"C29A18F4-74BB-4FDD-B080-1F63A74628CD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the \\\"/rrdp\\\" endpoint. Prior to 0.12.1 a direct query for any existing directory under \\\"/rrdp/\\\", rather than an RRDP file such as \\\"/rrdp/notification.xml\\\" as would be expected, causes Krill to crash. If the built-in \\\"/rrdp\\\" endpoint is exposed directly to the internet, then malicious remote parties can cause the publication server to crash. The repository content is not affected by this, but the availability of the server and repository can cause issues if this attack is persistent and is not mitigated.\"}, {\"lang\": \"es\", \"value\": \"NLnet Labs Krill admite el acceso directo al contenido del repositorio RRDP a trav\\u00e9s de su servidor web integrado en el endpoint \\\"/rrdp\\\". Antes de 0.12.1, una consulta directa a cualquier directorio existente en \\\"/rrdp/\\\", en lugar de un archivo RRDP como \\\"/rrdp/notification.xml\\\" como se esperar\\u00eda, provocaba que Krill fallara. Si el endpoint integrado \\\"/rrdp\\\" se expone directamente a Internet, partes remotas maliciosas pueden provocar que el servidor de publicaci\\u00f3n falle. El contenido del repositorio no se ve afectado por esto, pero la disponibilidad del servidor y el repositorio puede causar problemas si este ataque es persistente y no se mitiga.\"}]",
      "id": "CVE-2023-0158",
      "lastModified": "2024-11-21T07:36:39.690",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2023-01-17T17:15:11.837",
      "references": "[{\"url\": \"https://www.nlnetlabs.nl/downloads/krill/CVE-2023-0158.txt\", \"source\": \"sep@nlnetlabs.nl\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://www.nlnetlabs.nl/downloads/krill/CVE-2023-0158.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "sep@nlnetlabs.nl",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"sep@nlnetlabs.nl\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-248\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-0158\",\"sourceIdentifier\":\"sep@nlnetlabs.nl\",\"published\":\"2023-01-17T17:15:11.837\",\"lastModified\":\"2025-04-04T19:15:44.493\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the \\\"/rrdp\\\" endpoint. Prior to 0.12.1 a direct query for any existing directory under \\\"/rrdp/\\\", rather than an RRDP file such as \\\"/rrdp/notification.xml\\\" as would be expected, causes Krill to crash. If the built-in \\\"/rrdp\\\" endpoint is exposed directly to the internet, then malicious remote parties can cause the publication server to crash. The repository content is not affected by this, but the availability of the server and repository can cause issues if this attack is persistent and is not mitigated.\"},{\"lang\":\"es\",\"value\":\"NLnet Labs Krill admite el acceso directo al contenido del repositorio RRDP a trav\u00e9s de su servidor web integrado en el endpoint \\\"/rrdp\\\". Antes de 0.12.1, una consulta directa a cualquier directorio existente en \\\"/rrdp/\\\", en lugar de un archivo RRDP como \\\"/rrdp/notification.xml\\\" como se esperar\u00eda, provocaba que Krill fallara. Si el endpoint integrado \\\"/rrdp\\\" se expone directamente a Internet, partes remotas maliciosas pueden provocar que el servidor de publicaci\u00f3n falle. El contenido del repositorio no se ve afectado por esto, pero la disponibilidad del servidor y el repositorio puede causar problemas si este ataque es persistente y no se mitiga.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"sep@nlnetlabs.nl\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-248\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nlnetlabs:krill:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.12.1\",\"matchCriteriaId\":\"C29A18F4-74BB-4FDD-B080-1F63A74628CD\"}]}]}],\"references\":[{\"url\":\"https://www.nlnetlabs.nl/downloads/krill/CVE-2023-0158.txt\",\"source\":\"sep@nlnetlabs.nl\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.nlnetlabs.nl/downloads/krill/CVE-2023-0158.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.nlnetlabs.nl/downloads/krill/CVE-2023-0158.txt\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T05:02:43.819Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-0158\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-04T18:49:19.145812Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-04T18:49:43.275Z\"}}], \"cna\": {\"title\": \"Triggered crash on direct RRDP access\", \"credits\": [{\"lang\": \"en\", \"value\": \"We would like to thank user KittensAreDaBest on GitHub for the discovery and disclosure.\"}], \"affected\": [{\"vendor\": \"NLnet Labs\", \"product\": \"Krill\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"0.12.0\"}]}], \"datePublic\": \"2023-01-17T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.nlnetlabs.nl/downloads/krill/CVE-2023-0158.txt\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the \\\"/rrdp\\\" endpoint. Prior to 0.12.1 a direct query for any existing directory under \\\"/rrdp/\\\", rather than an RRDP file such as \\\"/rrdp/notification.xml\\\" as would be expected, causes Krill to crash. If the built-in \\\"/rrdp\\\" endpoint is exposed directly to the internet, then malicious remote parties can cause the publication server to crash. The repository content is not affected by this, but the availability of the server and repository can cause issues if this attack is persistent and is not mitigated.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-248\", \"description\": \"CWE-248: Uncaught Exception\"}]}], \"providerMetadata\": {\"orgId\": \"206fc3a0-e175-490b-9eaa-a5738056c9f6\", \"shortName\": \"NLnet Labs\", \"dateUpdated\": \"2023-01-17T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-0158\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-04T18:49:52.823Z\", \"dateReserved\": \"2023-01-10T00:00:00.000Z\", \"assignerOrgId\": \"206fc3a0-e175-490b-9eaa-a5738056c9f6\", \"datePublished\": \"2023-01-17T00:00:00.000Z\", \"assignerShortName\": \"NLnet Labs\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.