CVE-2023-0158 - Vulnerability Details - OpenCVE

NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Prior to 0.12.1 a direct query for any existing directory under "/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml" as would be expected, causes Krill to crash. If the built-in "/rrdp" endpoint is exposed directly to the internet, then malicious remote parties can cause the publication server to crash. The repository content is not affected by this, but the availability of the server and repository can cause issues if this attack is persistent and is not mitigated.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Nlnetlabs	Krill

Configuration 1 [-]

cpe:2.3:a:nlnetlabs:krill:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.nlnetlabs.nl/downloads/krill/CVE-2023-0158.txt

History

Fri, 04 Apr 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: NLnet Labs

Published: 2023-01-17T00:00:00.000Z

Updated: 2025-04-04T18:49:52.823Z

Reserved: 2023-01-10T00:00:00.000Z

Link: CVE-2023-0158

Vulnrichment

Updated: 2024-08-02T05:02:43.819Z

NVD

Status : Modified

Published: 2023-01-17T17:15:11.837

Modified: 2025-04-04T19:15:44.493

Link: CVE-2023-0158

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-0158", "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "assignerShortName": "NLnet Labs", "dateUpdated": "2025-04-04T18:49:52.823Z", "dateReserved": "2023-01-10T00:00:00.000Z", "datePublished": "2023-01-17T00:00:00.000Z"}, "containers": {"cna": {"title": "Triggered crash on direct RRDP access", "datePublic": "2023-01-17T00:00:00.000Z", "providerMetadata": {"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "shortName": "NLnet Labs", "dateUpdated": "2023-01-17T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the \"/rrdp\" endpoint. Prior to 0.12.1 a direct query for any existing directory under \"/rrdp/\", rather than an RRDP file such as \"/rrdp/notification.xml\" as would be expected, causes Krill to crash. If the built-in \"/rrdp\" endpoint is exposed directly to the internet, then malicious remote parties can cause the publication server to crash. The repository content is not affected by this, but the availability of the server and repository can cause issues if this attack is persistent and is not mitigated."}], "affected": [{"vendor": "NLnet Labs", "product": "Krill", "versions": [{"version": "unspecified", "lessThanOrEqual": "0.12.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://www.nlnetlabs.nl/downloads/krill/CVE-2023-0158.txt"}], "credits": [{"lang": "en", "value": "We would like to thank user KittensAreDaBest on GitHub for the discovery and disclosure."}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-248: Uncaught Exception", "cweId": "CWE-248"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:02:43.819Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.nlnetlabs.nl/downloads/krill/CVE-2023-0158.txt", "tags": ["x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-04T18:49:19.145812Z", "id": "CVE-2023-0158", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-04T18:49:52.823Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.nlnetlabs.nl/downloads/krill/CVE-2023-0158.txt", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:02:43.819Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-0158", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-04T18:49:19.145812Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-04T18:49:43.275Z"}}], "cna": {"title": "Triggered crash on direct RRDP access", "credits": [{"lang": "en", "value": "We would like to thank user KittensAreDaBest on GitHub for the discovery and disclosure."}], "affected": [{"vendor": "NLnet Labs", "product": "Krill", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "0.12.0"}]}], "datePublic": "2023-01-17T00:00:00.000Z", "references": [{"url": "https://www.nlnetlabs.nl/downloads/krill/CVE-2023-0158.txt"}], "descriptions": [{"lang": "en", "value": "NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the \"/rrdp\" endpoint. Prior to 0.12.1 a direct query for any existing directory under \"/rrdp/\", rather than an RRDP file such as \"/rrdp/notification.xml\" as would be expected, causes Krill to crash. If the built-in \"/rrdp\" endpoint is exposed directly to the internet, then malicious remote parties can cause the publication server to crash. The repository content is not affected by this, but the availability of the server and repository can cause issues if this attack is persistent and is not mitigated."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-248", "description": "CWE-248: Uncaught Exception"}]}], "providerMetadata": {"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "shortName": "NLnet Labs", "dateUpdated": "2023-01-17T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2023-0158", "state": "PUBLISHED", "dateUpdated": "2025-04-04T18:49:52.823Z", "dateReserved": "2023-01-10T00:00:00.000Z", "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "datePublished": "2023-01-17T00:00:00.000Z", "assignerShortName": "NLnet Labs"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nlnetlabs:krill:*:*:*:*:*:*:*:*", "matchCriteriaId": "C29A18F4-74BB-4FDD-B080-1F63A74628CD", "versionEndExcluding": "0.12.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the \"/rrdp\" endpoint. Prior to 0.12.1 a direct query for any existing directory under \"/rrdp/\", rather than an RRDP file such as \"/rrdp/notification.xml\" as would be expected, causes Krill to crash. If the built-in \"/rrdp\" endpoint is exposed directly to the internet, then malicious remote parties can cause the publication server to crash. The repository content is not affected by this, but the availability of the server and repository can cause issues if this attack is persistent and is not mitigated."}, {"lang": "es", "value": "NLnet Labs Krill admite el acceso directo al contenido del repositorio RRDP a trav\u00e9s de su servidor web integrado en el endpoint \"/rrdp\". Antes de 0.12.1, una consulta directa a cualquier directorio existente en \"/rrdp/\", en lugar de un archivo RRDP como \"/rrdp/notification.xml\" como se esperar\u00eda, provocaba que Krill fallara. Si el endpoint integrado \"/rrdp\" se expone directamente a Internet, partes remotas maliciosas pueden provocar que el servidor de publicaci\u00f3n falle. El contenido del repositorio no se ve afectado por esto, pero la disponibilidad del servidor y el repositorio puede causar problemas si este ataque es persistente y no se mitiga."}], "id": "CVE-2023-0158", "lastModified": "2025-04-04T19:15:44.493", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-01-17T17:15:11.837", "references": [{"source": "sep@nlnetlabs.nl", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.nlnetlabs.nl/downloads/krill/CVE-2023-0158.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.nlnetlabs.nl/downloads/krill/CVE-2023-0158.txt"}], "sourceIdentifier": "sep@nlnetlabs.nl", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-248"}], "source": "sep@nlnetlabs.nl", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}