
CVE-2022-3029: NLnet Labs Routinator has Reachable Assertion vulnerability

CVSS Score
7.5 (CVSS 3.1)

Basic Information

EPSS Score
0.54877%
Published
9/14/2022
Updated
1/29/2023
KEV Status
No
Technology
Rust

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name
routinator
Ecosystem
rust
Vulnerable Versions
>= 0.9.0, < 0.11.3
First Patched Version
0.11.3

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stemmed from improper error handling in RRDP processing. Key evidence comes from the commit diff, which shows:

  1. The removal of fatal error returns from the process_publish methods of SnapshotUpdate and DeltaUpdate
  2. The introduction of MaxSizeReadError to distinguish size-limit errors from read and decode errors
  3. Changes to the error handling in RepositoryObject::create

Pre-patch code treated any error that was not a size-limit error, including a base64 decoding failure, as fatal via the Err(Failed) path. A malformed object in a remote repository's snapshot or delta file therefore terminated the Routinator process instead of being handled as a non-fatal error for that repository, which is the denial of service described by the CVE: a single RRDP server serving bad data could stop Routinator from providing any RPKI data at all.
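The following Rust model is an added illustration of the two error-handling shapes contrasted above; it is not Routinator's code and not taken from the fix commit. The names process_publish_vulnerable, process_publish_fixed, RepoOutcome, ObjectError, MAX_OBJECT_SIZE, validation_run and the inline base64 decoder are assumptions made for this example; only Failed mirrors the fatal-error path named in the analysis. It uses no external crates, so it compiles with plain rustc.

```rust
// Added example (not Routinator's code): model of treating a base64 decode error
// as fatal (pre-patch shape) versus as a repository-level rejection (patched shape).

/// Assumed per-object size limit for this example; Routinator's real limit differs.
const MAX_OBJECT_SIZE: usize = 16;

/// Errors while reading one published object out of a snapshot or delta.
#[derive(Debug, PartialEq)]
enum ObjectError {
    /// Decoded content exceeds the limit (the case the old code already handled).
    TooLarge { size: usize, limit: usize },
    /// Content is not valid base64 (the case the old code turned into `Failed`).
    Decode(String),
}

/// Result of processing one repository's snapshot or delta.
#[derive(Debug, PartialEq)]
enum RepoOutcome {
    /// All objects decoded; the number accepted.
    Accepted(usize),
    /// This repository is rejected for the run; other repositories still get processed.
    Rejected(ObjectError),
}

/// Fatal error: the whole validation run aborts and the process exits.
#[derive(Debug, PartialEq)]
struct Failed;

/// Minimal standard-alphabet base64 decoder with '=' padding (assumed helper).
fn decode_base64(input: &str) -> Result<Vec<u8>, ObjectError> {
    fn sextet(c: u8) -> Option<u32> {
        match c {
            b'A'..=b'Z' => Some(u32::from(c - b'A')),
            b'a'..=b'z' => Some(u32::from(c - b'a') + 26),
            b'0'..=b'9' => Some(u32::from(c - b'0') + 52),
            b'+' => Some(62),
            b'/' => Some(63),
            _ => None,
        }
    }
    let bytes = input.as_bytes();
    if bytes.len() % 4 != 0 {
        return Err(ObjectError::Decode(format!("length {} is not a multiple of 4", bytes.len())));
    }
    let chunk_count = bytes.len() / 4;
    let mut out = Vec::with_capacity(chunk_count * 3);
    for (idx, chunk) in bytes.chunks(4).enumerate() {
        let pad = chunk.iter().rev().take_while(|&&c| c == b'=').count();
        if pad > 2 || (pad > 0 && idx + 1 != chunk_count) {
            return Err(ObjectError::Decode("misplaced padding".to_string()));
        }
        let mut acc: u32 = 0;
        for (i, &c) in chunk.iter().enumerate() {
            // Padding positions contribute zero bits; any other non-alphabet byte is an error.
            let v = if i >= 4 - pad {
                0
            } else {
                sextet(c).ok_or_else(|| ObjectError::Decode(format!("invalid character {:?}", c as char)))?
            };
            acc = (acc << 6) | v;
        }
        out.push((acc >> 16) as u8);
        if pad < 2 { out.push((acc >> 8) as u8); }
        if pad < 1 { out.push(acc as u8); }
    }
    Ok(out)
}

/// Decode one object and enforce the size limit.
fn read_object(b64: &str, max_size: usize) -> Result<Vec<u8>, ObjectError> {
    let bytes = decode_base64(b64)?;
    if bytes.len() > max_size {
        return Err(ObjectError::TooLarge { size: bytes.len(), limit: max_size });
    }
    Ok(bytes)
}

/// Pre-patch shape: only the size-limit error is a repository rejection;
/// everything else (here, a decode error) becomes `Failed` and aborts the run.
fn process_publish_vulnerable(objects: &[&str]) -> Result<RepoOutcome, Failed> {
    let mut accepted = 0;
    for obj in objects {
        match read_object(obj, MAX_OBJECT_SIZE) {
            Ok(_) => accepted += 1,
            Err(err @ ObjectError::TooLarge { .. }) => return Ok(RepoOutcome::Rejected(err)),
            Err(_) => return Err(Failed),
        }
    }
    Ok(RepoOutcome::Accepted(accepted))
}

/// Patched shape: every per-object error stays repository-level, so content
/// served by one remote repository can never take down the whole run.
fn process_publish_fixed(objects: &[&str]) -> Result<RepoOutcome, Failed> {
    let mut accepted = 0;
    for obj in objects {
        match read_object(obj, MAX_OBJECT_SIZE) {
            Ok(_) => accepted += 1,
            Err(err) => return Ok(RepoOutcome::Rejected(err)),
        }
    }
    Ok(RepoOutcome::Accepted(accepted))
}

/// One validation run over several repositories; `Err(Failed)` means the process exits.
fn validation_run(
    repos: &[&[&str]],
    process: fn(&[&str]) -> Result<RepoOutcome, Failed>,
) -> Result<Vec<RepoOutcome>, Failed> {
    repos.iter().map(|objs| process(objs)).collect()
}

fn main() {
    // Constructed inputs: one well-formed repository and one whose delta carries
    // a malformed base64 object, the trigger described by the CVE.
    let good: &[&str] = &["aGVsbG8=", "d29ybGQ="];
    let bad: &[&str] = &["aGVsbG8=", "not*base64", "d29ybGQ="];
    let repos: &[&[&str]] = &[good, bad];
    // Pre-patch: Err(Failed) as soon as the malformed object is read.
    println!("vulnerable: {:?}", validation_run(repos, process_publish_vulnerable));
    // Patched: first repository accepted, second rejected, run completes.
    println!("fixed:      {:?}", validation_run(repos, process_publish_fixed));
}
```

The point to take from the model is the error type, not the decoder: once a decode failure and a size-limit failure share one repository-level error type, the caller cannot accidentally route one of them to the fatal path, which is the distinction the MaxSizeReadError change in the real fix makes explicit.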

WAF Protection Rules

WAF Rule

In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files which are not correctly base 64 encoded are treated as a fatal error and cause Routinator to exit. Worst case impact
